RE: Error running snort

["Mr. venkat" <mvr_it () hotmail com>]

My log directory has all permissions.

If I specify the logdir. path in commandline all the packets are being 
logged
but I dont want to log all the packets otherthan alerts. I used -N in 
command line along with
-l path .Now it is generating only alerts but how can I make sure it is 
working correct.

I used the below settings in snort.conf

# output alert_syslog: LOG_AUTH LOG_ALERT
output alert_fast:alert.ids

Any idea why it is displaying error if I dnot specify the log directory in 
command line.


One more question..
I want to use flexresp.
Any body can tell me what are the settings for it and command line options.
I searched manuals but no information about flexresp settings.

Thanks,
VR.



> From: "Snort" <Snort () InterCept Net>
> To: "Mr. venkat" <mvr_it () hotmail com>,<Snort-users () lists sourceforge net>
> Subject: RE: [Snort-users] Error running snort
> Date: Fri, 18 Mar 2005 15:11:59 -0500
>
> You need to specify a log directory in your command line string
>
> -l /usr/local/snort/log/
>
> Or
> -l /tmp/snort
>
> Doesn't matter, just needs to be a writeable directory
>
> Thanks,
> Michael Brown,
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Mr. venkat
> Posted At: Friday, March 18, 2005 2:45 AM
> Posted To: Snort
> Conversation: [Snort-users] Error running snort
> Subject: [Snort-users] Error running snort
>
> Hi,
>   I am new to snortand  using snort-2.3.0 on windows 2k.
> I tried the command in IDS mode.
>
> C:\Snort\bin>snort -A fast -c ../etc/snort.conf
>
> but it is quitting with the message .
> Just I want to log the alerts in a single file only without packet
> logging.
>
> but why I am getting this error .
>
> ERROR:
> [!] ERROR: Can not get write access to logging directory "log".
> (directory doesn't exist or permissions are set incorrectly
> or it is not a directory at all)
>
> Fatal Error, Quitting..
>
>
>
> Any help please...
>
> Also what are the settings for flexresp in snort .conf and is there any
> command line options for it.
>
> --Venkat.
>
> _________________________________________________________________
> Want to meet David Beckham? http://www.msn.co.in/gillette/ Fly to Madrid
>
> with Gillette!
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_________________________________________________________________
Screensavers unlimited! http://www.msn.co.in/Download/screensaver/ Download 
now!



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users