[EMAIL PROTECTED] writes:

> Did he also correct the permissions on the /var/log/snort directory? Snort
> was not able to create the IP directories because snort was not the owner
> and permissions were set to drw------- instead of drwx------.
> 
> Steve


Hi there,

I have just updated the cvs again with the new modified files:
1. /usr/share/naat/templates/etc/snort/snort.conf (checks out on all the
internal interfaces for all types of networks A, B and C)
2. /usr/share/naat/templates/etc/init.d/snortd (small typo that gave an error
while turning off the firewall)
3. update the events
4. /usr/share/naat/templates/usr/share/naat/scripts/snortsnarf.sh (same as
1.)

Now, speaking of permissions, while typing "ps auwx" you can check that
snort has been started with the "-s" option. That means that all the alert
messages are sent to /var/log/syslog. Then I use a program called SnortSnarf
to parse that file and generate the HTML tree. You can use the
"Monitoring->Logs->Snort Reports" section to access it from your web browser.

So, I don't use the /var/log/snort directory at all ;)

Keep in mind that this is a very basic setup of snort<->SnortSnarf. We
will certainly improve it in the future and any ideas are welcomed
depending on your needs. 

cheers,

-- 
Florin                          http://www.mandrakesoft.com
