Snort - [Snort-users] Can't put log message to the special directory

Author

[Snort-users] Can't put log message to the special directory

Peixiao Guo

2004-09-27, 8:45 pm

This is a multi-part message in MIME format.

------_=_NextPart_001_01C4A4FF.C6E47651
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I made a first test using snort. But I can't get log message the special
directory.

Here is my snort.conf:

output alert_fast: /home/snort/fst.log

log tcp any any -> any 80 (flags:S;)

I just want to put the "alert_fast" message to the file
/home/snort/fst.log, but I will get an error if I run this command:

snort -c snort.conf -d

the err messages as below:

Running in IDS mode

Log directory =3D /var/log/snort

ERROR:=20

[!] ERROR: Can not get write access to logging directory
"/var/log/snort".

(directory doesn't exist or permissions are set incorrectly

or it is not a directory at all)

Fatal Error, Quitting..

When I run this command:

snort -c snort.conf -dl /home/snort/

then all output message will be recorded in IP hierarchy in /home/snort
directory.

=20

I m wandering how to log the output message to a /home/snort/fst.log
file

Can any senior one give me a directive?

Thanks very very much!

=20

Pat Guo

=20

=20

------_=_NextPart_001_01C4A4FF.C6E47651
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">

<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">

<style>

</style>

</head>

<body lang=3DZH-CN link=3Dblue vlink=3Dpurple =
style=3D'text-justify-trim:punctuation'>

<div class=3DSection1 style=3D'layout-grid:15.6pt'>

I made a first test using snort. But I =
can’t get
log message the special directory.

Here is my snort.conf:

output =
alert_fast: /home/snort/fst.log

log tcp any any =
-> any
80 (flags:S;)

I just want to put the “alert_fast” message to the file =
/home/snort/fst.log,
but I will get an error if I run this command:

snort –c =
snort.conf
–d

the err messages as below:

Running in IDS =
mode

Log directory =3D =
/var/log/snort

ERROR: =


[!] ERROR: Can =
not get
write access to logging directory =
"/var/log/snort".

(directory =
doesn't exist
or permissions are set incorrectly

or it is not a =
directory
at all)

Fatal Error, =
Quitting..

When I run this command:

snort –c snort.conf –dl =
/home/snort/

then all output message will be recorded in IP =
hierarchy
in /home/snort directory.

 

I m wandering how to log the output message to =
a /home/snort/fst.log =
file

Can any senior one give me a =
directive?

Thanks very very much!

 

Pat Guo

 

 

</div>

</body>

</html>

------_=_NextPart_001_01C4A4FF.C6E47651--

-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users