[Snort-devel] Snort-devel Digest, Vol 114, Issue 2

rahul yadav cseyadav at ...2499...
Mon Jan 18 05:43:36 EST 2016


This message comes when the log (pcap) file is not in the standard TCPDUMP log
format, which is printed by matching the magic number present in the header of the file.

Try reading the same file with tcpdump instead of snort.
Snort log is not a standard pcap file format, so it is neither an error with
snort nor with the log file, as far as I know.

thanks
Rahul


> Running in packet dump mode
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> pcap DAQ configured to read-file.
> ERROR: Can't initialize DAQ pcap (-1) - bad dump file format
> Fatal Error, Quitting..

On Fri, Jan 15, 2016 at 5:00 AM, <snort-devel-request at lists.sourceforge.net>
wrote:

> Today's Topics:
>
>    1. Fwd: Error in log file of Snort (Ajay Khadpe)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 15 Jan 2016 15:30:30 +0530
> From: Ajay Khadpe <khadpeajay797 at ...2499...>
> Subject: [Snort-devel] Fwd: Error in log file of Snort
> To: snort-devel at lists.sourceforge.net
>
> Hi,
>
> I have configured Snort in inline mode with DAQ as NFQ. I am able to
> drop packets also. But the logs that are generated are showing an error.
>
> Following is a sample of the error:
>
> snort -r /var/log/snort/snort.log.1294747044
> > Running in packet dump mode
> >
> >         --== Initializing Snort ==--
> > Initializing Output Plugins!
> > pcap DAQ configured to read-file.
> > ERROR: Can't initialize DAQ pcap (-1) - bad dump file format
> > Fatal Error, Quitting..
>
>
> Please see the attached configuration file and tell me how I can avoid this
> error.
>
> --
> Thanks & Regards
>  Khadpe Ajay
>          JS
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: snort.conf
> Type: application/octet-stream
> Size: 28315 bytes
> Desc: not available
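The magic-number check mentioned in the reply above can be reproduced by hand before handing a log to `snort -r` or tcpdump. The following is an added example, not part of the original thread and not Snort or libpcap code; the function names and the sample byte strings are constructed for illustration, and the header layout is the classic 24-byte libpcap savefile header.

```python
import struct

# Magic values of the libpcap savefile header. The byte order in which the
# magic appears on disk tells the reader how to decode the rest of the header.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "big", "microsecond"),
    b"\xd4\xc3\xb2\xa1": ("<", "little", "microsecond"),
    b"\xa1\xb2\x3c\x4d": (">", "big", "nanosecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "little", "nanosecond"),
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # block type of a pcapng Section Header Block


def inspect_capture_header(data: bytes) -> dict:
    """Classify the first bytes of a capture file without trusting its name."""
    if len(data) < 4:
        return {"format": "unknown", "reason": "shorter than a 4-byte magic number"}
    magic = data[:4]
    if magic == PCAPNG_MAGIC:
        return {"format": "pcapng"}
    if magic not in PCAP_MAGICS:
        return {"format": "unknown", "reason": "magic %s is not a pcap magic" % magic.hex()}
    if len(data) < 24:
        # Right magic, but the global header is cut off (for example a log
        # that was still being written or was truncated on disk).
        return {"format": "pcap", "truncated": True}
    fmt, order, resolution = PCAP_MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        fmt + "HHiIII", data[4:24])
    return {"format": "pcap", "truncated": False, "byte_order": order,
            "timestamps": resolution, "version": (major, minor),
            "snaplen": snaplen, "linktype": linktype}


def inspect_capture_file(path: str) -> dict:
    """Read only the 24 header bytes of the file at path and classify them."""
    with open(path, "rb") as fh:
        return inspect_capture_header(fh.read(24))


# Constructed samples: a little-endian pcap 2.4 header (snaplen 65535,
# linktype 1 = Ethernet) and 24 arbitrary bytes that carry no pcap magic.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_OTHER = struct.pack(">II", 7, 52) + b"\x00" * 16

if __name__ == "__main__":
    print(inspect_capture_header(SAMPLE_PCAP))
    print(inspect_capture_header(SAMPLE_OTHER))
```

A result of "unknown" for a file such as the one named in the thread means the file does not start with a pcap magic, so a pcap reader will reject it regardless of its name.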