Snort mailing list archives
RE: Fatal Error OpenLogFile
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 25 Jul 2001 20:06:27 -0700 (PDT)
On Wed, 25 Jul 2001, Scott wrote:
I have tried to get snort to run as owner/group of snort, but it won't. I'm using snort 1.8 build 43. It will only run as root and only write logs for root/root. Any suggestions as to how I would go about making snort run and log as owner/group snort?
Short answer: Painfully.
BTW here is how I'm starting snort daemon /usr/sbin/snort -u root -g root -s -d -D \ -i eth1 -l /var/log/snort -c /etc/snort/snort.conf touch /var/lock/subsys/snort I have tried changing the -u and -g to snort which is a group in my groups files and I've changed the /var/log/snort to owner/group of snort. When owner/group is snort and /var/log/snort is also group/owner snort I still get the OpenLogFile error.
Longer Answer: I've been wrestling with this for a while. I've gotten it to work--sorta. I can start snort as snort and chroot it. But... if I HUP it, it dies. Anyway, it is possible, just not easy. I'm not sure what OS you're on, but many/most *nix boxes have some sort of trace utility. trace, strace, and truss are the ones I've used before. Start snort under a trace, just as you do normally. You should see what is causing the 'cant open...' message. You might want to send it to a file, so you can parse thru at your liesure. Good luck. ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Fatal Error OpenLogFile Chris Owen (Jul 25)
- RE: Fatal Error OpenLogFile Scott (Jul 25)
- Re: Fatal Error OpenLogFile J. C. Woods (Jul 25)
- RE: Fatal Error OpenLogFile Scott (Jul 25)
- RE: Fatal Error OpenLogFile Erek Adams (Jul 25)
- RE: Fatal Error OpenLogFile Scott (Jul 25)
- RE: Fatal Error OpenLogFile Scott (Jul 25)
- RE: Fatal Error OpenLogFile Erek Adams (Jul 26)
- Individual rule msg definitions Scott (Jul 26)
- Re: Individual rule msg definitions Dragos Ruiu (Jul 27)
- RE: Individual rule msg definitions Scott (Jul 27)
- Re: Individual rule msg definitions Chris Green (Jul 27)
- RE: Fatal Error OpenLogFile Scott (Jul 25)
- <Possible follow-ups>
- RE: Fatal Error OpenLogFile Klimarchuk John (Jul 25)