Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: daley on March 19, 2007, 05:39:06 PM

Title: Smeserver7.1.2 - what goes wrong Snort??
Post by: daley on March 19, 2007, 05:39:06 PM

Hi,

I am not sure what is error occurred to the snortd setup, but it seeks fine with the configuration during setup, the setup is refer http://www.vanhees.cc/index.php?module=ContentExpress&func=display&ceid=39

I can access https://ns1/base page, however, this page doesn't correct any information.

I am using smeserver7.1.2 - Server and Gateway.

[root@ns1 ~]# ps -ef | grep snort
root      2223     1  3 Mar19 ?        00:09:00 runsvdir -P /service log: var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?multilog: fatal: unable to lock directory /var/log/snortd: access denied?
root      2487  2223 13 Mar19 ?        00:37:14 runsv snortd
root      5917  2487  0 Mar19 ?        00:00:00 /usr/sbin/snort -i ppp0 -u snort -g snort -c /etc/snort/snort.conf -K ascii -p
root     32128 14992  0 00:22 pts/1    00:00:00 grep snort

[root@ns1 ~]# uptime
 00:25:01 up  4:39,  1 user,  load average: 1.90, 1.94, 1.99

Title: Smeserver7.1.2 - what goes wrong Snort??
Post by: pfloor on March 19, 2007, 05:50:59 PM

Moving to contrib section, snort is not part of the base.

Title: Smeserver7.1.2 - what goes wrong Snort??
Post by: smeghead on March 20, 2007, 06:56:03 AM

Looks like the permissions/ownership settings for the /var/log/snortd folder are wrong.

Title: Smeserver7.1.2 - what goes wrong Snort??
Post by: daley on March 20, 2007, 01:22:42 PM

What should be the right permissions/ownership settings?

Here what i got from my smeserver 7.1.2...

[root@ns1 log]# ls -al /var/log/snort*
/var/log/snort:
total 8
drwxr-xr-x   2 snort snort 4096 Mar 22  2006 .
drwxr-xr-x  49 root  root  4096 Mar 20 04:02 ..

/var/log/snortd:
total 8
drwxr-xr-x   2 root root 4096 Jul 18  2006 .
drwxr-xr-x  49 root root 4096 Mar 20 04:02 ..
[root@ns1 log]#

Thanks,
Daley

Title: Smeserver7.1.2 - what goes wrong Snort??
Post by: MasterSleepy on March 20, 2007, 04:42:59 PM

Hello,

Witch version of snort rpm do you use?
Because that problem should be solved in lastest release.
http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=viewsdownload&sid=52&orderby=dateD

Otherwise you can launch

Code: [Select]

chown -R snort:snort /var/log/snortd

Regards.

Title: Smeserver7.1.2 - what goes wrong Snort??
Post by: daley on March 20, 2007, 05:18:22 PM

I am running this version "smeserver-snort-2.6.1.3-1.i386.rpm".

i have chown -R snort:snort /var/log/snortd ...

[root@ns1 log]# ls -al snort*
snort:
total 8
drwxr-xr-x   2 snort snort 4096 Mar 22  2006 .
drwxr-xr-x  49 root  root  4096 Mar 20 04:02 ..

snortd:
total 8
drwxr-xr-x   2 snort snort 4096 Jul 18  2006 .
drwxr-xr-x  49 root  root  4096 Mar 20 04:02 ..
[root@ns1 log]#

Title: I Tried All this..
Post by: grunt on April 17, 2007, 07:19:00 PM

And still can't get snort to log any errors. It does not appear to be Base, as the DataBase shows that there are not any alerts.

Any ideas?

Thanks,
Ed