Snort mailing list archives
New User -- Ownership and Logging Questions
From: Brian Dellinger <mysticalvbc () softhome net>
Date: 14 Feb 2003 16:10:47 -0500
Greetings all...

I have worked with snort binary dumps in the past and have read some of Northcutt's books, but just yesterday fired up snort for the first time. I spent the last few days going through the manual and the FAQ, but I have two questions... These may be "thick headed-newbie, missed it in the man" type things and if so I apologize. I really did try to find the answers on my own in the docs before posting.

1) I am running snort using sudo because RH8 won't let my user account put the card in promiscuous mode as a user. I don't *want* to run as root, so I've been doing "sudo snort -b -c snort.conf -l ./snortlog".

Q: Any output from snort is then owned and locked to root. Is there an easy way to specify the owner of the output or to run cleanly in my user context?

2) As above, I'm using the command "sudo snort -b -c snort.conf -l ./snortlog"... From what I thought, using the binary switch would dump all packets into the ./snortlog/snort.log.123456789 file. It appears, however, that packets get filed based on the attack profile (portscan). Is this a property in snort or in the ruleset? I'd prefer to have all packets that trigger alerts dumped into the same log file.

Again... I apologize if this is old hash. Feel free to respond privately if appropriate.

Sincerely,
B

-------------------------------
MysticalDluxe--at--softhome.net
"You know what? Someone once said that we have nothing to fear but fear itse... GET DOWN NOW!!"
> J'adam Wyatt waxing Philo

--
-----------------------------
Mysticalvbc--at--softhome.net
Duh Quote: "...voluntary adoption of cybersecurity won't work and [government] has failed to use market forces to compel private sector compliance with security needs."
Report on the National Strategy to Secure Cyberspace
Current thread:
- New User -- Ownership and Logging Questions Brian Dellinger (Feb 14)
- Re: New User -- Ownership and Logging Questions Erek Adams (Feb 14)