Reputation: 71
Snort - Error while running
Running snort (in packet dump mode) with command sudo snort -C snort.conf -A console -i eth0 a following problem occurred:
--== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: snort.conf
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "eth0".
ERROR: Can't set DAQ BPF filter to 'snort.conf' (pcap_daq_set_filter: pcap_compile: syntax error)!
Fatal Error, Quitting..
Can someone please suggest a solution?
Upvotes: 0
Views: 31688
Answers (3)
Reputation: 9
just put "-i" before eth0 in command it will solve the problem
Upvotes: 1
Reputation: 653
Try this:
sudo service snort
ps ax|grep snortstart
The output I got was
/usr/sbin/snort -m 027 -D -d -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i enp4s0
The man page says -D Run Snort in daemon mode. Alerts are sent to /var/log/snort/alert unless otherwise specified.
So when I drop the -D and add the -A
sudo /usr/sbin/snort -m 027 -d -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i enp4s0 -A console
Works for snort Version 2.9.7.0 GRE (Build 149)
Upvotes: 0
Reputation: 841
You're using the wrong option to load the configuration, it should be the lower case '-c'.
sudo snort -c snort.conf -A console -i eth0
Also, you can test your configuration with '-T' before running it:
sudo snort -T -c snort.conf
Upvotes: 3
Related Questions
- Snort dynamic engine issues on Windows
- ERROR: C:\snort\etc\snort.conf(546) => Invalid argument: include Fatal Error, Quitting
- Snort pcap_inject not located
- Snort Message - WARNING: No preprocessors configured for policy 0
- Snort Error: Active response: can't open ip
- Error while running Snort intrusion detection system
- Snort rule failing to alert to log
- Why I have this error message while i'm trying to verify my snort configuration
- Snort Rules Configuration Issue
- Read the alert log from snort