Snort mailing list archives

Re: Snort & Barnyard permission issue


From: "Bamm Visscher" <bamm.visscher () gmail com>
Date: Thu, 12 Jul 2007 09:44:46 -0600

Use the -m switch with snort to change the file permissions mask (-m 122).

Bammkkkk


On 7/11/07, マシス・ザッカリー <mashisu_zakku () yahoo co jp> wrote:
I am currently trying to set up Snort-Barnyard-SGUIL on a
Gentoo machine and am running into permission problems
with the unified output files.

I am currently running snort from root with the following:
snort -u snort -i eth0 -c /etc/snort/snort.conf /var/log/snort

It is outputting unified output logs to /var/log/snort but
they are created as root for some reason.
Therefore, unless I run barnyard as root I get "Unable to
open log spool file xxxx Permission denied" as you would
expect.

When I check with top I can confirm that snort is running
as the "snort" user, so why are these files being created
as root?

I thought I had it working before, creating the files as
"snort", but for some reason I can only get it to output
snort_unified.log as root.

If anyone has encountered this issue, please let me know
how you resolved it.




-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net
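
The effect of the mask suggested in the reply (`-m 122`), as an added example that is not part of the original thread or of Snort's own code: it creates a file under a given umask and reports whether a process that is neither the owner nor in the owning group (such as barnyard under its own account) could read it. The comparison mask `077` and the temporary file name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: what mode does a freshly created spool file get under a
# given umask? snort's -m switch sets the umask the process runs with.

# Print the octal mode of a file created (default request 0666) under
# umask $1. The body is a subshell, so the caller's umask is untouched.
mode_under_umask() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    : > "$dir/snort_unified.log"      # constructed file name
    # GNU stat first, BSD stat as a fallback
    stat -c %a "$dir/snort_unified.log" 2>/dev/null ||
        stat -f %Lp "$dir/snort_unified.log"
    rm -rf "$dir"
)

# Succeed if octal mode $1 has the read bit set for "other", i.e. for a
# user that neither owns the file nor belongs to its group.
readable_by_other() {
    [ $(( 0$1 & 04 )) -ne 0 ]
}

# 077 is an assumed restrictive mask for comparison; 122 is the value
# given in the reply.
for mask in 077 122; do
    mode=$(mode_under_umask "$mask")
    if readable_by_other "$mode"; then
        verdict="readable by a separate reader account"
    else
        verdict="Permission denied for a separate reader account"
    fi
    printf 'umask %s -> mode %s: %s\n' "$mask" "$mode" "$verdict"
done
```

Mask 122 also leaves the file readable by every local account, so the directory holding the spool files is where access can still be narrowed.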


