Snort mailing list archives
Re: Snort not logging to the /var/log/snort/alert file
From: Christopher Cramer <chris.cramer () duke edu>
Date: Wed, 24 Mar 2004 15:59:14 -0500
Alan,

A quick sanity check - you did restart snort after recreating the file?

Sorry for the dumb question, but with the way unix files and inodes work, if you don't restart the process writing to the alerts file (snort), it will continue to write to the old (deleted) file. Restarting the snort process would cause it to reopen the alerts file (creating a new one if necessary).

Just a thought

-c

--
Christopher E. Cramer, Ph.D.
Information Technology Security Officer
Duke University, Office of Information Technology
253A North Building, Box 90132, Durham, NC 27708-0291
PH: 919-660-7003 FAX: 919-660-7076
email: chris.cramer () duke edu

On Wed, 2004-03-24 at 15:15, ids () san rr com wrote:

Thank you for the reply. I'm a little confused about what you mean here:

Before anything you need to pass this path in your line, preceded by the switch "-l" Format: -l /var/log/snort.

but I did type chmod 777 /var/log/snort under root. Is this all I need to do? Sorry for all the dumb questions :)

Alan

-------------------------

Ok, let's go

You need to give permissions to the snort. It needs to write in the /var/log/snort. Before anything you need to pass this path in your line, preceded by the switch "-l" Format: -l /var/log/snort. If you are on a ---test--- environment, just type chmod 777 /var/log/snort. The "777" will give everyone the possibility to read, write and execute.

Let me know if your problem persists.

Best regards,
Rodrigo Ramos

On Wed, 2004-03-24 at 16:47, ids () san rr com wrote:

I'm a little embarrassed to admit this but I'm kind of a Linux noob (I'm learning though). When you say permissions do you mean permissions for the Snort user account I created or the Snort application itself. Also can somebody give me the command to give permissions to Snort so it can write to the file (chmod?)? Thanks for all the help!

Alan

_______________________________________

Hi,

Did you create it with the permissions? Did you give permissions to the snort to write on it?

Best regards,
Rodrigo Ramos
http://www.triforsec.com.br
http://www.defenselayer.com

On Wed, 2004-03-24 at 15:06, ids () san rr com wrote:

Hi-

I'm a goof and accidentally deleted my /var/log/snort/alert file. After I deleted I tried to recreate the file. I noticed that Snort no longer writes alerts to this file. I've tried everything. Can anybody help me? Thanks in advance!

Alan
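The inode behaviour described in the reply above, reproduced as an added example that is not part of the original thread. A temporary directory stands in for /var/log/snort, a raw file descriptor stands in for the running Snort process, and the names `log_state` and `demo` are assumptions made for this illustration.

```python
import os
import tempfile

def log_state(fd, path):
    """Compare the inode a process holds open with the inode now at `path`."""
    held = os.fstat(fd)
    try:
        on_disk = os.stat(path)
    except FileNotFoundError:
        return "deleted"      # path is gone; writes land in an unlinked inode
    if (held.st_dev, held.st_ino) != (on_disk.st_dev, on_disk.st_ino):
        return "replaced"     # path was recreated; process still holds the old inode
    return "current"

def demo():
    """Open the log, delete it, recreate it, then 'restart' the writer."""
    r = {}
    with tempfile.TemporaryDirectory() as logdir:
        path = os.path.join(logdir, "alert")    # constructed stand-in path
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o640)
        os.write(fd, b"alert 1\n")
        r["before"] = log_state(fd, path)

        os.unlink(path)                         # the accidental delete
        r["after_delete"] = log_state(fd, path)

        open(path, "w").close()                 # the file is recreated by hand
        os.write(fd, b"alert 2\n")              # this write still succeeds...
        r["after_recreate"] = log_state(fd, path)
        r["new_file_size"] = os.path.getsize(path)     # ...but not into the new file
        r["old_inode_size"] = os.fstat(fd).st_size     # it went to the old inode

        os.close(fd)                            # restart: close and reopen by path
        fd = os.open(path, os.O_WRONLY | os.O_APPEND)
        os.write(fd, b"alert 3\n")
        r["after_restart"] = log_state(fd, path)
        r["size_after_restart"] = os.path.getsize(path)
        os.close(fd)
    return r

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A sensor whose alert file reports "deleted" or "replaced" is still generating alerts that nothing reading the path will see, so the same comparison is useful as a health check after log rotation or cleanup.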