Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Log file owned by root problem

From: SRH-Lists <giermo () 333tech com>
Date: Mon, 10 May 2004 12:28:36 -0500


Hi,

Snort seems to start fine but the problem is when the log 
files are written the uid/gid is root/root I need them to be 
snort/snort. My startup line is as follows,

snort -c /etc/snort/snort_eth0/snort.conf -i eth0 -u snort -g 
snort

Shouldn't this output a log file with uid/gid snort/snort.
All dirs and files are uid/gid snort/snort and anything else 
I could think of.

If anyone has any suggestion I would greatly appreciate them.

TIA

Dan


snort opens the log file for writing prior to dropping privs to the
UID/GID specified on the commandline.  There is a long explanation as to
why this is, but I am not the one to explain it.

There is, however, a workaround. add a -m 022 to tell snort to use a
umask of 022 for the logfile.

-steve 


-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: