Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RE: Snort not logging to the /var/log/snort/alert file

From: "Shawn Kottke" <skottke () DATALINK com>
Date: Wed, 24 Mar 2004 17:21:42 -0600
Did you stop and restart snort after changing the permissions?

Shawn Kottke
Datalink Corporation


-----Original Message-----
From: ids () san rr com <ids () san rr com>
To: snort-users () lists sourceforge net <snort-users () lists sourceforge net>
CC: Shawn Kottke <skottke () DATALINK com>
Sent: Wed Mar 24 16:59:47 2004
Subject: Re: RE: [Snort-users] Snort not logging to the /var/log/snort/alert file


I changed the owner, group and permissions (left it wide open for anybody) and still Snort is not writing to the file. 
Here is whatI get when I ls -l

-rwxrwxrwx    1 snort    snort           0 Mar 24 14:37 alert


Please anybody have any addtional ideas before I start from scratch again?


Thanks!!!!


Alan



----- Original Message -----
From: Shawn Kottke <skottke () DATALINK com>
Date: Wednesday, March 24, 2004 1:39 pm
Subject: RE: [Snort-users] Snort not logging to the /var/log/snort/alert file


No, the user snort does not have rights.
Do the following at the command prompt:
chown snort alert
chgrp snort alert

This will change the owner and the group of the file so that the snort
user can write to it.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[snort-users-admin () lists sourceforge net] On Behalf Of
ids () san rr com
Sent: Wednesday, March 24, 2004 3:01 PM
To: snort-users () lists sourceforge net
Cc: twig les
Subject: Re: [Snort-users] Snort not logging to the 
/var/log/snort/alertfile

Here is what I get when I run a ls -l in the /var/log/snort 
folder: 

-rw-r--r--    1 root     root            1 Mar 24 09:57 alert

Does Snort have permissions to write to the alert file?


Thanks,


Alan


----- Original Message -----
From: twig les <twigles () yahoo com>
Date: Wednesday, March 24, 2004 12:43 pm
Subject: Re: [Snort-users] Snort not logging to the 
/var/log/snort/alertfile



--- Shawn Kottke <skottke () DATALINK com> wrote:

Does the user that you run snort under have rights to write to
the file that you created?

Do an ll on the file and check the user, group and flag
settings.

Are these appropriate for the user that snort runs under?

Shawn Kottke
Datalink Corporation



ll is an alias used by some shells.  You may get a "command not
found" message or something.  Use "ls -l".

=====
-----------------------------------------------------------
With a few exceptions, secrecy is deeply incompatible with
democracy and with science.
    --Carl Sagan  
-----------------------------------------------------------

__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html





-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&opÕick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list×ort-users
Previous By Date Next
Previous By Thread Next

Current thread: