[Snort-devel] Possible bug ????

Linus Hindmarsh linus at ...1618...
Sat Oct 12 10:55:05 EDT 2002


Hi

Not sure if this is a bug or me missing something, anyway, I recently
upgraded from 1.8.7 to 1.9.0 using the RPM binaries, however when I went
to start snort using the script that I used for 1.8.7

-------------------------------------------
# Specify your network interface here
INTERFACE=ppp0

# See how we were called.
case "$1" in
  start)
        echo -n "Starting snort: "
        cd /var/log/snort
        daemon /usr/sbin/snort -A fast -b -l /var/log/snort -d -D -s\
                 -i $INTERFACE -c /etc/snort/snort.conf
        touch /var/lock/subsys/snort
------------------------------------------- etc etc

I got the following error in syslog

-------------------------------------------
Oct 11 19:09:21 kylie snort: Initializing Output Plugins!
Oct 11 19:09:21 kylie kernel: eth0: Setting promiscuous mode.
Oct 11 19:09:21 kylie kernel: device eth0 entered promiscuous mode
Oct 11 19:09:21 kylie snort: ERROR: OpenPcap() FSM compilation failed:
^Iparse
error
Oct 11 19:09:21 kylie snort: FATAL ERROR: PCAP command: ppp0
Oct 11 19:09:21 kylie kernel: device eth0 left promiscuous mode
Oct 11 19:09:21 kylie snortd: snort startup failed
--------------------------------------------

After tearing my hair out and through a process of elimination, I
tracked it down to the "-s" command line option. Removing this enables
snort to start properly.

Using "snort --help" indicates that "-s" is a valid option, so I am not
sure that what the deal is. 

Cheers
Linus Hindmarsh







More information about the Snort-devel mailing list