[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: #124169: snort: Lack of logging to /var/log/secure in default setup & log permissions

Quoting Matt Zimmerman (mdz@debian.org):
> The -s option means just what it says; it sends alert messages to syslog.
> Where they end up depends entirely on the syslog configuration, and has
> nothing to do with snort.  The statement about /var/log/secure contains a
> tacit assumption about how syslog is configured (I'm guessing that some
> Linux distribution(s) have such a logfile by default).  With Debian's
> default syslog configuration, such things end up in /var/log/auth.log.
Indeed. Snort default logs to the 'auth' facility, which might end up in
/var/log/auth.log. The 'snort-stat' script finds out where snort logs, by
doing something like syslogd-listfiles --auth.

> I see no problem with allowing group snort to read the logfiles.
> Unfortunately, there are more important problems with snort at the moment,
> so when the maintainer has time, he still may not be able to process your
> request.
This is an important problem. I have released a new snort version, fixing
quite some of the bugs opened against it, a couple of days ago.

Andrew; you're right about the bug, and you're right about the slow
bug-fixing of snort (and other packages).
If you had taken a better look, though, you could've seen there is activity
on my side, and you could've dropped me a note in private before hopping off
to debian-devel (which would be the 'nicer' solution).


			      Linux Generation
   encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
	"You must have an IQ of at least half a million."  -- Popeye

Reply to: