Re: #124169: snort: Lack of logging to /var/log/secure in default setup & log permissions
Quoting Matt Zimmerman (email@example.com):
> The -s option means just what it says; it sends alert messages to syslog.
> Where they end up depends entirely on the syslog configuration, and has
> nothing to do with snort. The statement about /var/log/secure contains a
> tacit assumption about how syslog is configured (I'm guessing that some
> Linux distribution(s) have such a logfile by default). With Debian's
> default syslog configuration, such things end up in /var/log/auth.log.
Indeed. Snort by default logs to the 'auth' facility, which might end up in
/var/log/auth.log. The 'snort-stat' script finds out where snort logs, by
doing something like syslogd-listfiles --auth.
> I see no problem with allowing group snort to read the logfiles.
> Unfortunately, there are more important problems with snort at the moment,
> so when the maintainer has time, he still may not be able to process your
This is an important problem. I have released a new snort version, fixing
quite some of the bugs opened against it, a couple of days ago.
Andrew, you're right about the bug, and you're right about the slow
bug-fixing of snort (and other packages).
If you had taken a better look, though, you could've seen there is activity
on my side, and you could've dropped me a note in private before hopping off
to debian-devel (which would be the 'nicer' solution).
encrypted mail preferred. finger firstname.lastname@example.org for my GnuPG/PGP key.
"You must have an IQ of at least half a million." -- Popeye
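
The point made in this message, that where 'snort -s' alerts land is decided by the syslog configuration rather than by snort, can be checked with a small selector resolver. This is an added example, not part of the original message or of the snort package: the function names are hypothetical, the two configurations are constructed samples, and the 'alert' priority is an assumption (the message only names the 'auth' facility).

```python
# Priorities from least to most severe (sysklogd names; aliases not handled).
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def selector_matches(selector_field, facility, priority):
    """True if a syslog.conf selector field matches facility.priority."""
    level = PRIORITIES.index(priority)
    matched = False
    # ';'-separated selectors apply left to right, so a later "auth.none"
    # cancels an earlier "*.*" for the auth facility.
    for selector in selector_field.split(";"):
        facilities, _, prio = selector.rpartition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue
        if prio == "none":
            matched = False
        elif prio == "*":
            matched = True
        elif prio.startswith("="):
            matched |= PRIORITIES.index(prio[1:]) == level
        else:
            matched |= level >= PRIORITIES.index(prio)
    return matched

def log_files_for(config_text, facility, priority):
    """Paths whose selector would receive a facility.priority message."""
    files = []
    for line in config_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        action = parts[1].strip().lstrip("-")  # leading '-' only turns off sync
        if action.startswith("/") and selector_matches(parts[0], facility, priority):
            files.append(action)
    return files

# Constructed sample configurations (not copied from any package).
DEBIAN_STYLE = """
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
"""
SECURE_STYLE = """
*.info;authpriv.none            /var/log/messages
auth,authpriv.*                 /var/log/secure
"""

if __name__ == "__main__":
    # Assumed priority "alert"; the same message lands in different files.
    for name, cfg in (("debian-style", DEBIAN_STYLE), ("secure-style", SECURE_STYLE)):
        print(name, log_files_for(cfg, "auth", "alert"))
```
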