Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: no IDS logs from snort

From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 11 Mar 2013 11:53:45 -0500
On 3/8/2013 17:44, Kevin Thomas wrote:

This is the contents of the /etc/snort directory.  The files owned by root:root were created by me.

-rw-r--r-- 1 root   root      152 2013-03-06 18:13 readme.txt
drwxr-xr-x 2 nobody nobody  12288 2013-03-06 23:37 rules
-rw-r--r-- 1 nobody nobody  19506 2013-03-06 23:57 snort.conf
-rw-r--r-- 1 nobody nobody  19506 2013-02-16 11:03 snort.conf.orig
-rwxr-xr-x 1 root   root       73 2013-03-06 18:38 snort-test.sh
-rwxr-xr-x 1 root   root       29 2013-03-07 00:01 start.sh
-rwxr-xr-x 1 root   root       28 2013-03-07 00:02 stop.sh
-rw-r--r-- 1 nobody nobody 160606 2013-02-16 11:03 unicode.map
-rw-r--r-- 1 root   root      104 2013-03-07 00:03 vars


what are the contents of this vars file? what creates it? when?


# taken from /etc/snort vars
#ipvar HOME_NET any

# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET any


i ask about that vars file because it is referenced above... you did not post 
your entire snort.conf so i can't see if there's an "include /etc/snort/vars" 
line in it as is indicated there should be...

i'm thinking that file may need to be nobody:nobody because snort is likely 
running as nobody... that's the way we do it anyway ;)

------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
endpoint security space. For insight on selecting the right partner to 
tackle endpoint security challenges, access the full report. 
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: