Snort: /var/log/snort does not exist

wsduvall · 2009-02-12 21:11:29

Hey guys,

I'm trying to get snort working on my middle box... When I try and run start snort (/etc/rc.d/snort start), it would fail and give me no output. So for debugging purposes, I looked at the rc script and figured out it was running this command.

[wsduvall@Sebek ~]$ snort -l /var/log/snort -K ascii -c /etc/snort/snort.conf -A full -b -D -p -u snort -g snort -i eth0 -c /etc/snort/snort.conf
ERROR: log directory '/var/log/snort' does not exist
Fatal Error, Quitting..
[wsduvall@Sebek ~]$

It claims that /var/log/snort does not exist. But it does...

[wsduvall@Sebek ~]$ ls -l /var/log/
...
drwxr-xr-x 2 snort snort    4096 Feb 12 15:53 snort
...

Anybody got any ideas?

ryeseisi · 2009-02-12 22:31:20

Try running snort as root or with sudo? Don't know if you actually need to, but try it.

Also try changing the permissions on /var/log/snort/ to allow group and other to write as well and see if maybe you have a permissions problem.

wsduvall · 2009-02-13 04:00:38

Hmm this is weird... it seems to work when I use sudo, but when I try the rc.d scrip as sudo, it doesn't work...

ryeseisi · 2009-02-13 22:21:54

Check the permissions on the /etc/rc.d script as well as possibly taking a look at the contents of /etc/snort.conf. Again, I don't know much about snort but check these out and see if it leads you anywhere.

Arch Linux

#1 2009-02-12 21:11:29

Snort: /var/log/snort does not exist

#2 2009-02-12 22:31:20

Re: Snort: /var/log/snort does not exist

#3 2009-02-13 04:00:38

Re: Snort: /var/log/snort does not exist

#4 2009-02-13 22:21:54

Re: Snort: /var/log/snort does not exist

Board footer