[Snort-users] ERROR: OpenPcap() FSM compilation failed:

Aaron McKinnon aaron at ...1376...
Thu Mar 22 20:37:58 EST 2001


actually... I somehow never had the correct libcap installed...

My other problem is getting snortrotate to work - when I run it manually I
get:

./snortrotate.sh: ./snortrotate.sh: line 109: syntax error: unexpected end of file

That is my "Mail the logs stuff...":

# Mail out the log files for today.

cat $weeklogs/$dirdate/snort.alert | mail -s "Snort logs" sysadmin at ...1376...
cat $weeklogs/$dirdate/snort_portscan.log | mail -s "Snort portscan logs" sysadmin at ...1376...

Any ideas here?

Thanks again!

-----------------------------------
Aaron McKinnon
System Administrator
Fullerene Productions, Inc.
3250 Wilshire Blvd. Suite 2000
Los Angeles, CA 90010
213.365.1692
-----------------------------------

-----Original Message-----
From: joey [mailto:joey]On Behalf Of Joe McAlerney
Sent: Thursday, March 22, 2001 5:21 PM
To: Aaron McKinnon
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ERROR: OpenPcap() FSM compilation failed:


I believe it's interpreting snort.conf as a bpf filter.  You need to
place the -c option after the -v, or snort.conf between the two.

-Joe M.

--
|   Joe McAlerney     joey at ...155...   |
| Silicon Defense - Technical Support for Snort |
|       http://www.silicondefense.com/          |
+--                                           --+

Aaron McKinnon wrote:
>
> Just downloaded the latest version of snort.conf and all the rules. I
> untarred them into /etc/snort/rules_conf, changed the new snort.conf file to
> match my system, and tried to fire snort up and I'm getting a strange error:
>
> [root at ...1377... rules_conf]# /usr/sbin/snort -c -v snort.conf
>
>         --== Initializing Snort ==--
>
> Initializing Network Interface eth0
> ERROR: OpenPcap() FSM compilation failed:
>         parse error
> PCAP command: snort.conf
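
Added example, not part of the original messages and not Snort's own code: a shell model of the option parsing described in the reply above, assuming a getopt-style option string "c:v" in which -c takes an argument and -v is a flag. The function names parse_args and check_args are hypothetical, and the ".conf" test is only a heuristic.

```shell
#!/bin/sh
# Added illustration: models getopt-style parsing with an assumed option
# string "c:v" (-c takes an argument, -v is a flag). This is not Snort's code.

# Print how an argument vector is split into config file, verbose flag and
# the leftover words that a pcap-based tool would hand to the BPF compiler.
parse_args() {
    config="" verbose=0
    OPTIND=1
    while getopts "c:v" opt "$@"; do
        case "$opt" in
            c) config="$OPTARG" ;;   # whatever word follows -c, even "-v"
            v) verbose=1 ;;
            *) return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    echo "config=$config verbose=$verbose filter=$*"
}

# Pre-flight check: return 1 when the command line would be misparsed.
check_args() {
    parsed=$(parse_args "$@") || return 2
    cfg=${parsed#config=}; cfg=${cfg%% verbose=*}
    flt=${parsed#* filter=}
    case "$cfg" in
        -*) echo "warning: -c consumed '$cfg' as its file name" >&2; return 1 ;;
    esac
    case "$flt" in
        *.conf) echo "warning: '$flt' will be compiled as a BPF filter" >&2; return 1 ;;
    esac
    return 0
}

parse_args -c -v snort.conf   # the order from the thread
parse_args -v -c snort.conf   # -c immediately followed by its file
parse_args -c snort.conf -v   # the other order suggested in the reply
```

In the first call -c swallows "-v" as its file name, so verbose is never set and snort.conf is left over as the filter expression, which matches the "PCAP command: snort.conf" line in the error output.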




