Installing Snort
2.2.3 Errors While Starting Snort
At this point, if you have compiled Snort yourself, you may see the following
error when starting Snort:
    [!] ERROR: Cannot get write access to logging directory "/var/log/snort".
    (directory doesn't exist or permissions are set incorrectly
    or it is not a directory at all)
    Fatal Error, Quitting..
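This error means that you have not created the /var/log/snort directory. Use
the mkdir /var/log/snort command and the error will go away. As the message
itself notes, the same error also appears when the directory's permissions are
set incorrectly or the path is not a directory.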
If you get an error message like the following, you have not specified the Snort
configuration file name correctly on the command line or you started Snort without
specifying a configuration file name.
    Initializing rule chains...
    ERROR: Unable to open rules file: /root/.snortrc or /root//root/.snortrc
    Fatal Error, Quitting..
Note that you can run Snort without specifying a configuration file name if one of
the following conditions is true:
1. You are in the same directory where the configuration file exists when you
   start Snort.
2. You have copied the configuration file to your home directory as .snortrc.
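The two startup errors above can be checked for before Snort is launched. The following script is an added example, not part of the original text or of Snort itself; the function names and the file name snort.conf are assumptions, as is the search order (current directory, then home directory). Run it as the account that starts Snort, since root passes the write test regardless of permissions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the two startup errors above.
# Assumption: the config file is named snort.conf (the page does not name it).
CONF_NAME=${CONF_NAME:-snort.conf}

# Classify the logging directory, mirroring the three causes listed in the
# error text. Prints: ok | missing | not_a_directory | not_writable
check_log_dir() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -d "$1" ]; then echo not_a_directory
    elif [ ! -w "$1" ] || [ ! -x "$1" ]; then echo not_writable
    else echo ok
    fi
}

# Print the configuration file that would be found, or return 1.
# $1 = path given on the command line (may be empty), $2 = working directory,
# $3 = home directory. Search order (cwd, then home) is an assumption.
find_config() {
    if [ -n "$1" ]; then
        if [ -f "$1" ] && [ -r "$1" ]; then echo "$1"; return 0; fi
        return 1
    fi
    for candidate in "$2/$CONF_NAME" "$3/.snortrc"; do
        if [ -f "$candidate" ] && [ -r "$candidate" ]; then
            echo "$candidate"; return 0
        fi
    done
    return 1
}

# Run both checks; $1 = log directory, $2 = optional config path.
# Returns 0 only when Snort should get past both errors.
preflight() {
    rc=0
    state=$(check_log_dir "$1")
    if [ "$state" != ok ]; then
        echo "log directory $1: $state" >&2; rc=1
    fi
    if ! conf=$(find_config "$2" "$PWD" "$HOME"); then
        echo "no readable configuration file found" >&2; rc=1
    else
        echo "configuration file: $conf"
    fi
    return $rc
}

# Stand-alone use: sh preflight.sh /var/log/snort [config-path]
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```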
2.2.4 Testing Snort
After starting Snort, you need to know whether it is actually capturing data
and logging intruder activity. If you started Snort in the foreground with the
-A console command line option, you will start seeing alerts on the screen when
this script is running. However, if you started Snort in daemon mode and did
not use the command line option mentioned above, alerts will be logged to the
/var/log/snort/alert file.
The following command generates some alerts that you can see on the console or
in the /var/log/snort/alert file. Generation of alerts indicates that Snort is
working properly.