Snort mailing list archives
New user -- Ownership and logging question
From: Mystical Dluxe <mysticaldluxe () softhome net>
Date: 14 Feb 2003 16:05:01 -0500
Greetings all...

I have worked with snort binary dumps in the past and have read some of Northcutt's books, but just yesterday fired up snort for the first time. I spent the last few days going through the manual and the FAQ, but I have two questions... These may be "thick headed-newbie, missed it in the man" type things and if so I apologize. I really did try to find the answers on my own in the docs before posting.

1) I am running snort using sudo because RH8 won't let my user account put the card in promiscuous mode as a user. I don't *want* to run as root, so I've been doing "sudo snort -b -c snort.conf -l ./snortlog".

Q: Any output from snort is then owned and locked to root. Is there an easy way to specify the owner of the output or to run cleanly in my user context?

2) As above, I'm using the command "sudo snort -b -c snort.conf -l ./snortlog"... From what I thought, using the binary switch would dump all packets into the ./snortlog/snort.log.123456789 file. It appears, however, that packets get filed based on the attack profile (portscan). Is this a property in snort or in the ruleset? I'd prefer to have all packets that trigger alerts dumped into the same log file.

Again... I apologize if this is old hash. Feel free to respond privately if appropriate.

Sincerely,
B

-------------------------------
MysticalDluxe--at--softhome.net

"You know what? Someone once said that we have nothing to fear but fear itse... GET DOWN NOW!!"
  > J'adam Wyatt waxing Philo