Snort mailing list archives

Re: Portscan Error (SnortCenter + ACID)


From: Erek Adams <erek () snort org>
Date: Tue, 4 Mar 2003 11:36:27 -0500 (EST)

On Tue, 4 Mar 2003, Read, Andrew wrote:

[...snip...]

> At this stage I am manually copying the portscan.log file from the sensor to
> /var/log/snort/ on the Acid box.
>
> I get the following error:
>
> Warning: fopen("/var/log/snort/portscan.log", "r") - Permission denied in
> /var/www/html/acid/acid_stat_ipaddr.php on line 50
> PORTSCAN EVENT ERROR: Unable to open Portscan event file
> '/var/log/snort/portscan.log'
>
> The file will load if I move it to the /var/www/html/acid directory, and
> make the corresponding changes to the acid conf file.
>
> I am not very experienced with Linux, and I'm guessing this might be pretty
> straightforward for a lot of you.

I'd hazard a guess to say that it's something to do with the user or the
permissions that ACID is running as.

Do a "ls -l /var/log/snort/portscan.log /var/www/html/acid/portscan.log"
and compare the permissions and file ownerships.  I'd be willing to bet
they are different.

If they aren't, then I'd guess that your web server is running in a
chrooted setup, or under a different user than who created the
portscan.log file.  If that's the case, simply chmod the file to what
you would need (644, I'm guessing).

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


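The permission comparison suggested in the reply above, carried one step further as an added example that is not part of the original post: a "Permission denied" on fopen() can come from the file's own mode or from any parent directory (such as /var/log/snort) that the web server account cannot traverse, so this script walks the path and reports the first component that blocks. The function name `first_blocker`, its optional BASE argument and the account name `apache` are assumptions; it relies on GNU `stat` and looks at classic mode bits only.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat on Linux; looks only
# at classic mode bits, so ACLs, SELinux, chroot and root's override are not
# modelled. FILE must be an absolute, normalized path.

# first_blocker USER FILE [BASE]
# Walks FILE's path components below BASE (default /) and prints the first
# one whose mode bits deny USER: directories need search (x), the file
# itself needs read (r). Returns 0 = readable, 1 = blocked, 2 = missing.
first_blocker() (            # subshell body keeps the variables local
    user=$1 file=$2 base=${3:-/}
    groups=$(id -Gn "$user" 2>/dev/null) || groups=""
    path=${base%/}
    rest=${file#"$path"/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        path="$path/$part"
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        info=$(stat -c '%a %U %G' "$path" 2>/dev/null) || { echo "$path"; return 2; }
        set -- $info         # $1 = octal mode, $2 = owner, $3 = group
        perm=$((0$1)) owner=$2 group=$3
        if [ "$owner" = "$user" ]; then
            bits=$(( (perm >> 6) & 7 ))          # owner class applies
        else
            case " $groups " in
                *" $group "*) bits=$(( (perm >> 3) & 7 )) ;;  # group class
                *)            bits=$(( perm & 7 )) ;;         # other class
            esac
        fi
        if [ -d "$path" ]; then need=1; else need=4; fi
        if [ $(( bits & need )) -eq 0 ]; then
            echo "$path"
            return 1
        fi
    done
    return 0
)

# Usage on the ACID box (the web server account name is an assumption):
#   first_blocker apache /var/log/snort/portscan.log
```

If the reported component is the log file itself, giving the web server's group read access (mode 640 with a shared group) exposes the portscan data to fewer local accounts than 644 does.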