[Snort-users] ERROR: OpenPcap() FSM compilation failed:

Aaron McKinnon aaron at ...1376...
Thu Mar 22 20:37:58 EST 2001

actually... I somehow never had the correct libcap installed...

My other problem is getting snortrotate to work - when I run it manually I

./snortrotate.sh: ./snortrotate.sh: line 109: syntax error: unexpected end of file

That is my "Mail the logs stuff...":

# Mail out the log files for today.

cat $weeklogs/$dirdate/snort.alert | mail -s "Snort logs" sysadmin at ...1376...
cat $weeklogs/$dirdate/snort_portscan.log | mail -s "Snort portscan logs" sysadmin at ...1376...

Any ideas here?

Thanks again!

Aaron McKinnon
System Administrator
Fullerene Productions, Inc.
3250 Wilshire Blvd. Suite 2000
Los Angeles, CA 90010

-----Original Message-----
From: joey [mailto:joey]On Behalf Of Joe McAlerney
Sent: Thursday, March 22, 2001 5:21 PM
To: Aaron McKinnon
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ERROR: OpenPcap() FSM compilation failed:

I believe it's interpreting snort.conf as a bpf filter.  You need to
place the -c option after the -v, or snort.conf between the two.

-Joe M.

|   Joe McAlerney     joey at ...155...   |
| Silicon Defense - Technical Support for Snort |
|       http://www.silicondefense.com/          |
+--                                           --+

Aaron McKinnon wrote:
> Just downloaded the latest version of snort.conf and all the rules. I
> untarred them into /etc/snort/rules_conf, changed the new snort.conf file to
> match my system, and tried to fire snort up and I'm getting a strange
> [root at ...1377... rules_conf]# /usr/sbin/snort -c -v snort.conf
>         --== Initializing Snort ==--
> Initializing Network Interface eth0
> ERROR: OpenPcap() FSM compilation failed:
>         parse error
> PCAP command: snort.conf

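Added example, not part of the original thread and not Snort's own code: a small POSIX sh model of getopt-style parsing that shows why "-c -v snort.conf" leaves "-v" as the config file and snort.conf as the leftover argument handed to pcap as a filter. The function names and the option string "c:v" are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed model of getopt-style option parsing, NOT Snort's source.
# Assumptions: -c takes one argument (the config file), -v is a plain
# flag, and anything left after the options is treated as a BPF filter.

parse_snort_args() {
    config="" verbose=0 OPTIND=1
    while getopts "c:v" opt; do
        case "$opt" in
            c) config="$OPTARG" ;;   # -c swallows the NEXT word, whatever it is
            v) verbose=1 ;;
            *) return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    filter="$*"                      # leftover words become the filter expression
    printf 'config=%s verbose=%s filter=%s\n' "$config" "$verbose" "$filter"
}

# Pre-flight check for a wrapper script: succeeds (returns 0) when the
# "config file" is really another option, i.e. -c was given no file name.
config_is_option() {
    case "$(parse_snort_args "$@")" in
        "config=-"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Order used in the original post: -v is consumed as the config file name.
parse_snort_args -c -v snort.conf
# Order suggested in the reply: snort.conf is the config, no filter is left.
parse_snort_args -v -c snort.conf

if config_is_option -c -v snort.conf; then
    echo "warning: -c is followed by an option, not a config file" >&2
fi
```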