* Andrew Lau ([EMAIL PROTECTED]) [020202 00:34]:
> Hi everyone,
> It's been over a month since I submitted bug report #124169 to
> the BTS and snort's maintainer, Robert van der Meulen
> <rvdm at debian dot org>, has not yet replied to me. This bug report is
> effectively holding me back from releasing a fully operational
> razorback (ITP #115609) package to accompany Debian's snort
> package. Pasted below is a copy of that bug report:
>
> ===========================================================================
>
> Package: snort
> Version: 1.8p1-1
> Severity: normal
>
> Dear Robert,
> I currently have an ITP to razorback
> <http://www.intersectalliance.com/projects/RazorBack/> which is a
> GNOME front-end to snort. Razorback requires access to /var/log/secure
> in order to provide real time monitoring of snort's status. After
> reading the documentation to snort it would seem that snort is meant
> to log by default to /var/log/secure as enabled by -s in the man page
> and the option you specified in /etc/snort/snort.conf:
>
>     -s    Send alert messages to syslog. On Linux boxen,
>           they will appear in /var/log/secure, /var/log/messages
>           on many other platforms.
>
> However this file doesn't exist, nor is it logged to even if the file is
> created by hand.

Isn't this really an issue with syslog?

You're correct; this file doesn't exist. It looks like -s makes snort
send logging data to syslog, whose output files are configured in
/etc/syslog.conf. There's no reference to /var/log/secure in the stock
debian syslog configuration, and /var/log/snort/... seems more like the
correct "debian" way of doing things. Someone more knowledgeable about
debian's log policy may be able to confirm or deny my guesses, or you
could read through the policy manual.

Maybe razorback should be configured to use something other than
/var/log/secure, perhaps /var/log/snort/<whatever>. (I don't have snort
installed so I don't know what the actual filenames are.)

I hope these clues can give you a start in the right direction.

good times,
Vineet
-- 
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume/
-- 
"I disapprove of what you say, but I will defend to the death your
right to say it." --Beatrice Hall, The Friends of Voltaire, 1906
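
Added example, not part of the original message: a small resolver for sysklogd-style /etc/syslog.conf selectors that reports which destinations receive a given facility.priority, which is the check the reply describes for finding where snort -s output actually lands. The sample rules are constructed, and treating snort's syslog alerts as authpriv.alert is an assumption; confirm the facility against your own snort configuration.

```python
import re

# Severity names, least to most severe.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def rule_matches(selectors, facility, level):
    """Apply one rule's ';'-separated selectors left to right; later ones override."""
    matched, sev = False, LEVELS.index(level)
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().rpartition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        if prio == "none":          # "fac.none" switches the facility off
            negate, prio = not negate, "*"
        if prio == "*":
            hit = True
        else:  # "=p" is that priority only; "p" is p and anything more severe
            want = LEVELS.index(prio)
            hit = sev == want if exact else sev >= want
        if hit:
            matched = not negate
    return matched

def destinations(conf_text, facility, level):
    """List the actions (files, hosts, '*') that would receive facility.level."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = re.split(r"\s+", line, maxsplit=1)
        if rule_matches(selectors, facility, level):
            out.append(action.lstrip("-"))  # a leading '-' only disables sync
    return out

# Constructed sample rules, not a copy of any distribution's shipped file.
SAMPLE_CONF = """
auth,authpriv.*                  /var/log/auth.log
*.*;auth,authpriv.none           -/var/log/syslog
*.=info;*.=notice;*.=warning;auth,authpriv.none  -/var/log/messages
*.emerg                          *
"""

if __name__ == "__main__":
    # Assumption: the alerts arrive as authpriv.alert.
    print(destinations(SAMPLE_CONF, "authpriv", "alert"))
```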