Snort mailing list archives

Re: snort 2.0.0 rules


From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 11 Jun 2003 17:08:13 -0400

At 03:53 PM 6/11/2003 -0500, msmythe () armada cl wrote:
> Hi,
> I use redhat 7.3, kernel 2.4.20.18-7 platform, with snort 2.0.0
>
> I'm trying to run from [msmythe@of51 msmythe] directory, where I have a
> snort and log directories. The error message says:
> can not get write access to logging directory "var/log/snort". (directory
> doesn´t exist or permissions are set incorrectly or it is not a directory as
> all)
> Fatal Error, Quitting..
> .... I checked it out in /var/log and snort directory doesn't exist. Should
> I create it?

Well, you're using RELATIVE paths with the command line you stated.. so you need to create ./var/log/snort relative to msmythe's home directory, not /var/log/snort. Unless you stop specifying the -l parameter the way you are at present.

And for reference the directory isn't [msmythe@of51 msmythe].. if you type pwd you'll see that your directory is likely to be /home/msmythe. What you put there is part of a common bash-shell prompt and only displays the last part of the actual path, along with username and machine name.

It should be noted however that snort MUST be started as ROOT user, or a special user that you've set up to have root-like privileges for raw sockets. Normal non-root users cannot initiate pcap. No, there is no way around this, it's built into the OS that way for security reasons.



> OK, I'll use snort instead of ./snort.
>
> Other questions please:
> 1. Must I use MySQL or ACID? ... Why?

No, those are options you can choose to use, and are popular because the UI of acid is fairly easy to use. By default snort logs to an ascii file.

> 2. Does another snort 2.0.0 rules file exist? Or did I download it with the last
> release of snort 2.0.0? How can I use it?

There's only one ruleset, but you can download an updated version of that ruleset from:
http://www.snort.org/dl/rules/
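
The relative-path and root points made in the reply above, as an added example that is not part of the original post or of Snort: a POSIX shell pre-flight check that resolves a `-l` argument against the working directory and reports why it would be rejected. The function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the directory passed to snort -l.
# Function names and return codes are hypothetical, not part of Snort.

# Print the absolute path a -l argument refers to, given a working directory.
resolve_logdir() {
    dir=$1
    cwd=${2:-$(pwd)}
    case $dir in
        /*) printf '%s\n' "$dir" ;;            # absolute: used as-is
        *)  printf '%s\n' "${cwd%/}/$dir" ;;   # relative: resolved against cwd
    esac
}

# Return 0 if usable, 1 if missing, 2 if not a directory, 3 if not writable.
check_logdir() {
    resolved=$(resolve_logdir "$1" "$2")
    [ -e "$resolved" ] || return 1
    [ -d "$resolved" ] || return 2
    [ -w "$resolved" ] || return 3
    return 0
}

# Return 0 when running as root (needed to open the capture device).
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# Report both conditions for one -l argument, e.g.: preflight var/log/snort
preflight() {
    logdir=$1
    target=$(resolve_logdir "$logdir")
    rc=0
    check_logdir "$logdir" || rc=$?
    case $rc in
        0) echo "log directory OK: $target" ;;
        1) echo "missing: $target (create it, or pass an absolute path to -l)" ;;
        2) echo "not a directory: $target" ;;
        3) echo "not writable by $(id -un): $target" ;;
    esac
    is_root || echo "not root: packet capture will fail for uid $(id -u)"
    return $rc
}
```

Run from /home/msmythe, `preflight var/log/snort` reports on /home/msmythe/var/log/snort, while `preflight /var/log/snort` reports on the system log directory.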


