Snort mailing list archives
Re: no IDS logs from snort
From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 11 Mar 2013 11:53:45 -0500
On 3/8/2013 17:44, Kevin Thomas wrote:
This is the contents of the /etc/snort directory. The files owned by root:root were created by me.

-rw-r--r-- 1 root   root      152 2013-03-06 18:13 readme.txt
drwxr-xr-x 2 nobody nobody  12288 2013-03-06 23:37 rules
-rw-r--r-- 1 nobody nobody  19506 2013-03-06 23:57 snort.conf
-rw-r--r-- 1 nobody nobody  19506 2013-02-16 11:03 snort.conf.orig
-rwxr-xr-x 1 root   root       73 2013-03-06 18:38 snort-test.sh
-rwxr-xr-x 1 root   root       29 2013-03-07 00:01 start.sh
-rwxr-xr-x 1 root   root       28 2013-03-07 00:02 stop.sh
-rw-r--r-- 1 nobody nobody 160606 2013-02-16 11:03 unicode.map
-rw-r--r-- 1 root   root      104 2013-03-07 00:03 vars

what are the contents of this vars file? what creates it? when?

# taken from /etc/snort vars
#ipvar HOME_NET any
# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET any

i ask about that vars file because it is referenced above... you did not post your entire snort.conf so i can't see if there's an "include /etc/snort/vars" line in it as is indicated there should be... i'm thinking that file may need to be nobody:nobody because snort is likely running as nobody... that's the way we do it anyway ;)
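
The two checks raised in this message (is the vars file pulled in by an include line in snort.conf, and can the account Snort runs as read every included file) can be scripted. The following is an added example, not code from the thread or from the Snort project; the function names are hypothetical, relative include paths are assumed to resolve against the directory holding snort.conf, and readability is judged from mode bits only (ACLs and directory search permissions are not considered).

```python
import os
import re
import stat

VAR_RE = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\S+)\s+(\S+)")
INC_RE = re.compile(r"^\s*include\s+(\S+)")

def readable_by(path, uid, gids):
    """Decide from the mode bits alone whether uid/gids may read path."""
    try:
        st = os.stat(path)
    except OSError:
        return "missing"
    if uid == 0:                      # root bypasses the mode bits
        return "ok"
    if st.st_uid == uid:
        bit = stat.S_IRUSR
    elif st.st_gid in gids:
        bit = stat.S_IRGRP
    else:
        bit = stat.S_IROTH
    return "ok" if st.st_mode & bit else "unreadable"

def check_includes(conf_path, uid, gids=()):
    """Return [(resolved_path, status)] for every include line in conf_path."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    variables, results = {}, []
    with open(conf_path) as fh:
        for line in fh:
            line = line.split("#", 1)[0]          # drop comments
            m = VAR_RE.match(line)
            if m:                                 # remember e.g. RULE_PATH
                variables[m.group(1)] = m.group(2)
                continue
            m = INC_RE.match(line)
            if not m:
                continue
            target = re.sub(r"\$(\w+)",
                            lambda v: variables.get(v.group(1), v.group(0)),
                            m.group(1))
            if not os.path.isabs(target):         # assumption: relative to conf dir
                target = os.path.join(conf_dir, target)
            results.append((target, readable_by(target, uid, set(gids))))
    return results

if __name__ == "__main__":
    import pwd, sys                   # usage: script.py /etc/snort/snort.conf nobody
    user = pwd.getpwnam(sys.argv[2])
    groups = os.getgrouplist(user.pw_name, user.pw_gid)
    for path, status in check_includes(sys.argv[1], user.pw_uid, groups):
        print(f"{status:10} {path}")
```

A file that never appears in the output is not included by snort.conf at all, which is the first thing the message asks about.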