Snort mailing list archives

New user -- Ownership and logging question


From: Mystical Dluxe <mysticaldluxe () softhome net>
Date: 14 Feb 2003 16:05:01 -0500

Greetings all...

I have worked with snort binary dumps in the past and have read some of
Northcutt's books, but just yesterday fired up snort for the first time.

I spent the last few days going through the manual and the FAQ, but I
have two questions... These may be "thick-headed newbie, missed it in
the man" type things and if so I apologize.  I really did try to find
the answers on my own in the docs before posting.

1) I am running snort using sudo because RH8 won't let my user account
put the card in promiscuous mode as a user.  I don't *want* to run as
root, so I've been doing "sudo snort -b -c snort.conf -l ./snortlog".
        Q:  Any output from snort is then owned and locked to root.  Is there
an easy way to specify the owner of the output or to run cleanly in my
user context?

2) As above, I'm using the command "sudo snort -b -c snort.conf -l
./snortlog"...  From what I thought, using the binary switch would dump
all packets into the ./snortlog/snort.log.123456789 file.  It appears,
however, that packets get filed based on the attack profile (portscan).
Is this a property in snort or in the ruleset?  I'd prefer to have all
packets that trigger alerts dumped into the same log file.

Again... I apologize if this is old hash.  Feel free to respond
privately if appropriate.

Sincerely,
B 


-------------------------------
MysticalDluxe--at--softhome.net

"You know what? Someone once said
that we have nothing to fear but 
fear itse... GET DOWN NOW!!" 
       > J'adam Wyatt waxing Philo
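
The setup described in the post (sudo plus -b/-c/-l), carried one step further as an added example that is not from the post or from the Snort project: a small wrapper that creates the log directory under your own account, refuses to start if that directory is world-writable, and starts Snort with -u/-g so it drops root after it has opened the capture interface and everything it writes afterwards is owned by that account, plus -L to give the -b (tcpdump-format) log a base name. The account defaults (your own user and group), the ./snortlog directory, the snort.conf name and the DRY_RUN switch are all assumptions of this example, not anything the post or Snort defines.

```shell
#!/bin/sh
# Added example (not from the post or the Snort project): start Snort under
# sudo but have it drop root after initialisation, so the files it writes
# belong to an unprivileged account instead of root.
#
# Assumptions (mine): run Snort as the invoking user and group, log to
# ./snortlog, read ./snort.conf, and only print the command unless DRY_RUN=0.

RUNAS_USER=${RUNAS_USER:-$(id -un)}
RUNAS_GROUP=${RUNAS_GROUP:-$(id -gn)}
LOGDIR=${LOGDIR:-./snortlog}
CONF=${CONF:-snort.conf}
DRY_RUN=${DRY_RUN:-1}

# Snort opens the interface as root and then setgid/setuids to the -u/-g
# account before it writes anything, so the log directory must already be
# owned by (and writable for) that account. chown only works as root; when
# run unprivileged the directory simply stays owned by whoever created it.
prepare_logdir() {
    dir=$1 user=$2 group=$3
    mkdir -p "$dir" || return 1
    chmod 750 "$dir" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "$user:$group" "$dir" || return 1
    fi
}

# Succeeds only if $1 is a directory owned by $2 and not world-writable.
# A world-writable log directory lets any local user tamper with the
# packet logs, which defeats the point of keeping them under one account.
check_logdir() {
    dir=$1 owner=$2
    [ -d "$dir" ] || return 1
    [ -n "$(find "$dir" -maxdepth 0 -user "$owner" ! -perm -002 2>/dev/null)" ]
}

# The command line from the post, plus:
#   -u/-g  account to switch to after initialisation
#   -L     base name for the tcpdump-format log that -b writes
build_snort_cmd() {
    conf=$1 dir=$2 user=$3 group=$4
    printf 'snort -b -c %s -l %s -u %s -g %s -L snort.log' \
        "$conf" "$dir" "$user" "$group"
}

main() {
    prepare_logdir "$LOGDIR" "$RUNAS_USER" "$RUNAS_GROUP" || return 1
    # Without root we could not chown, so the directory belongs to us.
    owner=$RUNAS_USER
    [ "$(id -u)" -eq 0 ] || owner=$(id -un)
    if ! check_logdir "$LOGDIR" "$owner"; then
        echo "refusing to start: $LOGDIR is not owned by $owner or is world-writable" >&2
        return 1
    fi
    cmd=$(build_snort_cmd "$CONF" "$LOGDIR" "$RUNAS_USER" "$RUNAS_GROUP")
    if [ "$DRY_RUN" = 1 ]; then
        echo "would run: sudo $cmd"
    else
        # Word splitting of $cmd is intended: it is a plain argv string.
        sudo $cmd
    fi
}

main "$@"
```

Run it as yourself; only the snort line itself goes through sudo, and Snort gives the root privileges back once the interface is open, so the snort.log and alert files come out owned by the -u account rather than root.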



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

