Snort mailing list archives

Re: RE: Snort not logging to the /var/log/snort/alert file

From: "Shawn Kottke" <skottke () DATALINK com>
Date: Wed, 24 Mar 2004 21:46:51 -0600


I believe in one of your previous emails you mentioned that snort had been working with mysql. Are the alerts being 
written there and not to the alert file?



Shawn Kottke
Datalink Corporation


-----Original Message-----
From: snort-users-admin () lists sourceforge net <snort-users-admin () lists sourceforge net>
To: ids () san rr com <ids () san rr com>; Jim Hendrick <jrhendri () maine rr com>
CC: snort-users () lists sourceforge net <snort-users () lists sourceforge net>
Sent: Wed Mar 24 19:46:10 2004
Subject: Re: RE: [Snort-users] Snort not logging to the /var/log/snort/alert file


--- ids () san rr com wrote:

Jim,

You are right about the chmod 777. I know better then to open
up a file like that. I'm just frustrated trying to get this
fixed. I've tried everything and can't seem to get Snort to
write to the alert file. I also tried your suggestion:

mv /var/log/snort/alert /var/log/snort/alert.old
kill -HUP `cat /var/run/snort_eth0.pid`

and I could not get Snort to recreate the alert file. I think
I'm going to just start from scratch and rebuild Snort again.



Before you wipe the install clean, have you looked at the
permissions of the directory?  Do an ls -l /var/log/snort/ and
see if root owns that.  I've had this problem and once you
figure it out you slap your forehead.  If this is the case a
simple chown -R snort:snort /var/log/snort/ should do it (that's
off the top of my head though, so no biting if it is slightly different).

=====
-----------------------------------------------------------
With a few exceptions, secrecy is deeply incompatible with
democracy and with science.
     --Carl Sagan  
-----------------------------------------------------------

__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Snort not logging to the /var/log/snort/alert file, (continued)
- Re: Snort not logging to the /var/log/snort/alert file Rodrigo B. Ramos (Mar 24)
- RE: Snort not logging to the /var/log/snort/alert file Shawn Kottke (Mar 24)
- Re: RE: Snort not logging to the /var/log/snort/alert file ids (Mar 24)
  - Re: RE: Snort not logging to the /var/log/snort/alert file Michael Sconzo (Mar 24)
- Re: RE: Snort not logging to the /var/log/snort/alert file ids (Mar 24)
- Re: Snort not logging to the /var/log/snort/alert file ids (Mar 24)
- RE: Snort not logging to the /var/log/snort/alert file Shawn Kottke (Mar 24)
- RE: Snort not logging to the /var/log/snort/alert file Shawn Kottke (Mar 24)
- Re: RE: Snort not logging to the /var/log/snort/alert file ids (Mar 24)
- Re: RE: Snort not logging to the /var/log/snort/alert file Shawn Kottke (Mar 24)
- Re: RE: Snort not logging to the /var/log/snort/alert file Shawn Kottke (Mar 24)
- Snort not logging to the /var/log/snort/alert file ids (Mar 26)