Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Snort ebuild problem
View unanswered posts
View posts from last 24 hours

Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message

PostPosted: Tue Jul 02, 2002 1:15 am    Post subject: Snort ebuild problem Reply with quote

The Snort ebuild seems to somewhat broken, config-wise. First of all, the /etc/conf.d/snort file points to a non-existent snort.conf, which causes the -Daemon to die silently. Once that's fixed, the daemon will die silently because the ebuild has it run as "nobody", with whose privileges it can not open or create any of the log files it wants to make.

My question is, what is the best way to set Snort up, short of simply dropping the "-u nobody" from the /etc/conf.d/snort file, which would cause Snort to run as root at all times. I tried chowning the /var/log/snort/ dir to snort.snort (real users and groups, created by the install, which makes me wonder why the ebuild has it running as "nobody" in the first place). For some reason, it still dies, though; it seems like it wants to create SOME the logfiles and dirs as root, but then goes to fopen them as whatever its running as.

So, anybody, have a good way to set this up? I also tried enabling logging through syslog in the snort.conf file, dropping the -l /var/log/snort option, and setting up an appropriate entry in my metalog.conf (yes, I HUPped metalog), but it still wants to log exclusively to /var/log/snort, and dies if it is unable to do so. I searched the forums, and saw only a couple mentions of Snort at all, and no good answers.
Back to top
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum