Hello everybody,
I'm LiemPT, a network admin at Hanoi University of Technology.
I've found a lot of useful information on your website, honeynet.org,
especially the Honeywall CDROM.
I installed it a month ago.
Everything seems fine except the snort_inline log.
I cannot view snort_inline-fast or snort_inline-full through Walleye;
the size of the log file is always 0.
###
[EMAIL PROTECTED] ~]# ls -al /var/log/snort_inline/20070626
total 8
drwxr-xr-x 2 snort snort 4096 Jun 26 15:47 .
drwxr-xr-x 8 snort snort 4096 Jun 26 15:47 ..
-rw------- 1 root root 0 Jun 26 00:05 snort_inline-fast
-rw------- 1 root root 0 Jun 26 00:05 snort_inline-full
-rw------- 1 root root 0 Jun 26 00:05 tcpdump.log.1182816315
-rw------- 1 root root 0 Jun 26 15:11 tcpdump.log.1182870665
-rw------- 1 root root 0 Jun 26 15:47 tcpdump.log.1182872873
###
But I can view the snort log files normally:
[EMAIL PROTECTED] ~]# ls -al /var/log/snort/20070626
total 136
drwxr-xr-x 2 snort snort 4096 Jun 26 00:04 .
drwxr-xr-x 10 snort snort 4096 Jun 26 15:23 ..
-rw------- 1 root root 37685 Jun 26 16:07 snort_fast
-rw------- 1 root root 80898 Jun 26 16:07 snort_full
I also added the USER parameter in /etc/init.d/hflow-snort_inline:
${SNORT} -D -c ${CONF} -Q -l $DIR/$DATE -u ${USER} -t $DIR
but this line appears in /var/log/messages:
Jun 26 15:47:53 roo snort[20334]: Cannot set uid and gid when running Snort in inline mode.
It seems that I cannot change the user that snort_inline runs as.
My snort_inline dropped packets as I wanted, but it didn't alert me about anything.
How can I solve this problem?
Thank you very much.
Brgds.
LiemPT.
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
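Editor's note: the two directory listings in the mail are the only hard evidence in the thread, so an added diagnostic that compares them is useful before guessing at a cause. The script below is this editor's example, not code from the post or from the Honeywall project. It parses the two `ls -al` listings exactly as posted and reports, per directory, how many regular files are empty, how many are owned by someone other than the directory's owner, and how many a given account could not read from the mode bits alone. The account name `snort` is an assumption about which user Walleye reads the files as; the group check treats a group named like the user as that user's primary group, which is a simplification.

```shell
#!/bin/sh
# Added example, not from the original post or the Honeywall project.
# Audits an "ls -al" listing for the symptoms visible in the mail:
#   - zero-length regular files,
#   - files whose owner differs from the directory owner ("." entry),
#   - files a given account cannot read according to the mode bits.
# Both listings below are copied verbatim from the post.

SNORT_INLINE_LISTING='total 8
drwxr-xr-x 2 snort snort 4096 Jun 26 15:47 .
drwxr-xr-x 8 snort snort 4096 Jun 26 15:47 ..
-rw------- 1 root root 0 Jun 26 00:05 snort_inline-fast
-rw------- 1 root root 0 Jun 26 00:05 snort_inline-full
-rw------- 1 root root 0 Jun 26 00:05 tcpdump.log.1182816315
-rw------- 1 root root 0 Jun 26 15:11 tcpdump.log.1182870665
-rw------- 1 root root 0 Jun 26 15:47 tcpdump.log.1182872873'

SNORT_LISTING='total 136
drwxr-xr-x 2 snort snort 4096 Jun 26 00:04 .
drwxr-xr-x 10 snort snort 4096 Jun 26 15:23 ..
-rw------- 1 root root 37685 Jun 26 16:07 snort_fast
-rw------- 1 root root 80898 Jun 26 16:07 snort_full'

# empty_files LISTING -> names of regular files whose size column is 0
empty_files() {
    printf '%s\n' "$1" | awk '$1 ~ /^-/ && $5 == 0 { print $9 }'
}

# owner_mismatches LISTING -> "name file_owner dir_owner" for regular files
# not owned by the owner of the directory itself (the "." entry)
owner_mismatches() {
    printf '%s\n' "$1" | awk '
        $9 == "." { dir_owner = $3 }
        $1 ~ /^-/ && $3 != dir_owner { print $9, $3, dir_owner }'
}

# unreadable_by LISTING USER -> regular files USER cannot read per mode bits.
# Assumption (simplification): USER is in a group only if the group name equals
# the user name, i.e. a primary group of the same name.
unreadable_by() {
    printf '%s\n' "$1" | awk -v u="$2" '
        $1 ~ /^-/ {
            mode = $1; owner = $3; group = $4
            if (owner == u && substr(mode, 2, 1) == "r") next   # owner read bit
            if (owner != u && group == u && substr(mode, 5, 1) == "r") next  # group read bit
            if (owner != u && substr(mode, 8, 1) == "r") next   # other read bit
            print $9
        }'
}

# audit_listing LISTING USER -> one summary line with the three counts
audit_listing() {
    empties=$(empty_files "$1" | wc -l | tr -d ' ')
    mism=$(owner_mismatches "$1" | wc -l | tr -d ' ')
    unread=$(unreadable_by "$1" "$2" | wc -l | tr -d ' ')
    echo "empty=$empties owner_mismatch=$mism unreadable_by_$2=$unread"
}

# Run directly: compare the broken directory with the working one.
echo "snort_inline: $(audit_listing "$SNORT_INLINE_LISTING" snort)"
echo "snort:        $(audit_listing "$SNORT_LISTING" snort)"
```

Running it against the two listings shows that ownership and mode bits are identical in both directories (root-owned, 0600, inside a snort-owned directory), so those cannot by themselves explain why one set of logs is viewable and the other is not; the only difference the listings support is that every snort_inline file is zero bytes, which points at the writer (snort_inline itself) rather than at the reader (Walleye). The `Cannot set uid and gid when running Snort in inline mode` message in the mail is consistent with that: inline mode does not honour `-u`/`-g`, so the extra USER parameter changes nothing about who owns the files.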