Snort mailing list archives
Interesting snort, chroot, syslog behavior
From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 22 Feb 2006 18:24:43 -0700
So...here's the startup line:

    /chroot/snort/usr/sbin/snort -u nobody -g nobody -i eth0 -D -o -c /chroot/snort/etc/snort/snort.conf -l /chroot/snort/var/log/snort -t /chroot

Relevant snort.conf syslog entries:

    output alert_syslog: LOG_AUTH LOG_ALERT

syslog startup command:

    /usr/sbin/syslogd -r -m 0 -a /chroot/snort/dev/log

When testing, running snort with (same as above just without -D):

    /chroot/snort/usr/sbin/snort -u nobody -g nobody -i eth0 -o -c /chroot/snort/etc/snort/snort.conf -l /chroot/snort/var/log/snort -t /chroot

I get no syslog entries. If run as above, syslog works fine. Is there a reason for that?

Thanks!

James