Koozali.org: home of the SME Server

Smeserver7.1.2 - what goes wrong Snort??

daley

« on: March 19, 2007, 05:39:06 PM »
Hi,

I am not sure what error occurred in the snortd setup, but the configuration seemed fine during setup. The setup follows http://www.vanhees.cc/index.php?module=ContentExpress&func=display&ceid=39

I can access https://ns1/base page, however, this page doesn't correct any information.

I am using smeserver7.1.2 - Server and Gateway.

[root@ns1 ~]# ps -ef | grep snort
root      2223     1  3 Mar19 ?        00:09:00 runsvdir -P /service log: var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?
root      2487  2223 13 Mar19 ?        00:37:14 runsv snortd
root      5917  2487  0 Mar19 ?        00:00:00 /usr/sbin/snort -i ppp0 -u snort -g snort -c /etc/snort/snort.conf -K ascii -p
root     32128 14992  0 00:22 pts/1    00:00:00 grep snort

[root@ns1 ~]# uptime
 00:25:01 up  4:39,  1 user,  load average: 1.90, 1.94, 1.99

pfloor
« Reply #1 on: March 19, 2007, 05:50:59 PM »
Moving to contrib section, snort is not part of the base.
In life, you must either "Push, Pull or Get out of the way!"

smeghead
« Reply #2 on: March 20, 2007, 06:56:03 AM »
Looks like the permissions/ownership settings for the /var/log/snortd folder are wrong.

daley

« Reply #3 on: March 20, 2007, 01:22:42 PM »
What should be the right permissions/ownership settings?

Here is what I got from my smeserver 7.1.2...

[root@ns1 log]# ls -al /var/log/snort*
/var/log/snort:
total 8
drwxr-xr-x   2 snort snort 4096 Mar 22  2006 .
drwxr-xr-x  49 root  root  4096 Mar 20 04:02 ..

/var/log/snortd:
total 8
drwxr-xr-x   2 root root 4096 Jul 18  2006 .
drwxr-xr-x  49 root root 4096 Mar 20 04:02 ..
[root@ns1 log]#

Thanks,
Daley

MasterSleepy
« Reply #4 on: March 20, 2007, 04:42:59 PM »
Hello,

Which version of the snort rpm do you use?
Because that problem should be solved in the latest release.
http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=viewsdownload&sid=52&orderby=dateD

Otherwise you can launch
chown -R snort:snort /var/log/snortd

Regards.
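
The following is an added example, not part of the original thread or of the smeserver-snort contrib: a shell check that pulls the directories named in multilog's "unable to lock directory" errors out of `ps -ef` output and compares their owner with the one the reply's chown sets. The sample line is constructed (abridged from the first post), and the function names are hypothetical.

```shell
#!/bin/bash
# Added example. SAMPLE_PS is a constructed, abridged copy of the runsvdir
# line from the first post; on a live system pipe `ps -ef` in instead.
SAMPLE_PS='root 2223 1 3 Mar19 ? 00:09:00 runsvdir -P /service log: multilog: fatal: unable to lock directory /var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?'

# Print each distinct directory named in an "unable to lock directory" error.
multilog_denied_dirs() {
    grep -o 'unable to lock directory [^:]*: access denied' |
        sed -e 's/^unable to lock directory //' -e 's/: access denied$//' |
        sort -u
}

# Return 0 only if DIR exists, is owned by WANT, and the owner has write and
# search permission (needed to create a lock file inside the directory).
# Returns 2 if DIR is missing, 1 on an ownership or mode mismatch.
dir_owned_writable_by() {
    dir=$1
    want=$2
    [ -d "$dir" ] || { echo "MISSING  $dir"; return 2; }
    # ls -ld fields: mode, link count, owner, group, ...
    mode=$(ls -ld "$dir" | awk '{print $1}')
    owner=$(ls -ld "$dir" | awk '{print $3}')
    if [ "$owner" != "$want" ]; then
        echo "OWNER    $dir is owned by $owner, expected $want"
        return 1
    fi
    case $mode in
        d?wx*) echo "OK       $dir ($mode $owner)"; return 0 ;;
        *)     echo "MODE     $dir owner lacks write/search ($mode)"; return 1 ;;
    esac
}

# Demo: check every directory from the sample against the owner used in the
# chown above (snort). A non-zero result is reported, not treated as fatal.
printf '%s\n' "$SAMPLE_PS" | multilog_denied_dirs | while read -r d; do
    dir_owned_writable_by "$d" snort || true
done
```

The check reads ownership and mode bits only; it does not test SELinux contexts or ACLs.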

daley

« Reply #5 on: March 20, 2007, 05:18:22 PM »
I am running this version "smeserver-snort-2.6.1.3-1.i386.rpm".

I have run chown -R snort:snort /var/log/snortd ...

[root@ns1 log]# ls -al snort*
snort:
total 8
drwxr-xr-x   2 snort snort 4096 Mar 22  2006 .
drwxr-xr-x  49 root  root  4096 Mar 20 04:02 ..

snortd:
total 8
drwxr-xr-x   2 snort snort 4096 Jul 18  2006 .
drwxr-xr-x  49 root  root  4096 Mar 20 04:02 ..
[root@ns1 log]#

grunt

I Tried All this..
« Reply #6 on: April 17, 2007, 07:19:00 PM »
And still can't get snort to log any errors. It does not appear to be Base, as the DataBase shows that there are not any alerts.

Any ideas?

Thanks,
Ed