Snort mailing list archives

RE: Possible bug in Snort 1.9 (with config alertfile)


From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Mon, 17 Feb 2003 10:22:39 -0500

1st - make sure you're not also specifying the '-l somedir' command line
parameter or any other log/alert command line parameter that may include a
path that conflicts with the 'config logdir' option.  

2nd - try and change the 'config logdir' to look like 'config logdir
c:/snort/log'.  I use the forward slashes under Win32 w/o any problems.  

3rd - make sure that any output plugins you're using (e.g., output
alert_fast: somefile) do not also include a pathname.  

Hope this helps.  

- Christopher 


-----Original Message-----
From: "Charles Darwin" <darwin () netmadeira com>
To: "Snort-Users (E-mail)" <snort-users () lists sourceforge net>
Cc: "Chris Reid" <Chris.Reid () CodeCraftConsultants com>
Date: Mon, 17 Feb 2003 00:27:25 -0000
Subject: [Snort-users] Possible bug in Snort 1.9 (with config alertfile)

Version: 1.9.0-ODBC-MySQL-MSSQL-FlexRESP-WIN32 (Build 229) (and almost
surely lower versions also)

My system: Win XP

Error message:
ERROR in OpenAlertFile() => fopen() alert file C:\snort\log/C:\snort\log/alerts.log: Invalid argument
Fatal Error, Quitting..

****************************************************

I have changed config in this way before the error message appeared:
config logdir: C:\snort\log
config alertfile: alerts.log

My guess is that there is a little bug that makes it append 2 times the log
path to the alert file.

Best regards,

Paulo Santos Perneta <pperneta () netmadeira com>
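
The three checks from the reply above, as an added example that is not part of either post and is not Snort code: a small linter for snort.conf text. It assumes, from the doubled path in the error message, that Snort joins the log directory and the file name with '/'; the function names, finding codes and sample configuration are constructed for illustration.

```python
import ntpath
import re

# 'config <name>: <value>' or 'output <name>: <value>'; the colon is optional
# because the thread shows both spellings.
DIRECTIVE = re.compile(r"^\s*(config|output)\s+(\w+)\s*:?\s*(.*?)\s*$")
FILE_OPTS = {("config", "alertfile"), ("output", "alert_fast")}

def has_path(value):
    """True if value has a drive letter or any directory separator."""
    drive, rest = ntpath.splitdrive(value)
    return bool(drive) or "/" in rest or "\\" in rest

def same_dir(a, b):
    norm = lambda p: ntpath.normcase(ntpath.normpath(p))  # case and slash insensitive
    return norm(a) == norm(b)

def lint(conf_text, cli_logdir=None):
    """Return (line_number, code, detail) findings for the three checks."""
    logdir, files, findings = cli_logdir, [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(raw.split("#", 1)[0])  # drop trailing comments
        if not m or not m.group(3):
            continue
        kind, name, value = m.groups()
        if (kind, name) == ("config", "logdir"):
            if cli_logdir and not same_dir(cli_logdir, value):
                findings.append((no, "LOGDIR_VS_CLI", f"-l {cli_logdir} vs {value}"))
            if "\\" in value:  # the reply suggests forward slashes on Win32
                findings.append((no, "BACKSLASH_LOGDIR", value.replace("\\", "/")))
            logdir = value
        elif (kind, name) in FILE_OPTS:
            files.append((no, value))
    for no, value in files:
        if has_path(value):
            # Assumed join, inferred from the doubled path in the error message.
            findings.append((no, "PATH_IN_FILENAME", f"{logdir or '.'}/{value}"))
    return sorted(findings)

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
config logdir: C:\\snort\\log
config alertfile: alerts.log
output alert_fast: C:\\snort\\log\\fast.log   # filename carries a path
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE, cli_logdir="D:/ids/log"):
        print(finding)
```
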



