[Snort-users] Error using the -T option

Mike Koponick mike at ...7385...
Tue Dec 10 08:50:06 EST 2002


Hello all,

I just added a second ethernet card to my sensor and am having an issue
while running snort with the -T option. When I do run it with the -T option,
I get the following error:


-sh-2.05b# ./snortd test
Testing Snort's ConfgurationInitializing Output Plugins!
Log directory = /var/log/snort

Initializing Network Interface eth0
ERROR: OpenPcap() FSM compilation failed:
        parse error
PCAP command: eth1
Fatal Error, Quitting..

"snortd test" does the following:
  test)
        echo -n "Testing Snort's Confguration"
        /usr/local/bin/snort -T $INTERFACE -c $CONFIG
        echo
        ;;

The interface being "eth1" which is set in the script.

All worked fine when I use eth0 as my sensor card.


Any suggestions?

Thanks in advance,

Mike


Here is more info:

Dec 10 08:46:28 LogServer snortd: snort shutdown succeeded
Dec 10 08:46:28 LogServer kernel: eth1: Setting promiscuous mode.
Dec 10 08:46:28 LogServer kernel: device eth1 entered promiscuous mode
Dec 10 08:46:28 LogServer snort: Initializing daemon mode
Dec 10 08:46:28 LogServer snort: PID path stat checked out ok, PID path set
to /var/run/
Dec 10 08:46:29 LogServer snort: Writing PID "8459" to file
"/var/run//snort_eth1.pid"
Dec 10 08:46:29 LogServer snort: http_decode arguments:
Dec 10 08:46:29 LogServer snort:     Unicode decoding
Dec 10 08:46:29 LogServer snort:     IIS alternate Unicode decoding
Dec 10 08:46:29 LogServer snort:     IIS double encoding vuln
Dec 10 08:46:29 LogServer snort:     Flip backslash to slash
Dec 10 08:46:29 LogServer snort:     Include additional whitespace
separators
Dec 10 08:46:29 LogServer snort:     Ports to decode http on: 80
Dec 10 08:46:29 LogServer snort: rpc_decode arguments:
Dec 10 08:46:29 LogServer snort:     Ports to decode RPC on: 111 32771
Dec 10 08:46:29 LogServer snort: telnet_decode arguments:
Dec 10 08:46:29 LogServer snort:     Ports to decode telnet on: 21 23 25 119
Dec 10 08:46:29 LogServer snort: Conversation Config:
Dec 10 08:46:29 LogServer snort:    KeepStats: 0
Dec 10 08:46:29 LogServer snort:    Conv Count: 32000
Dec 10 08:46:29 LogServer snort:    Timeout   : 60
Dec 10 08:46:29 LogServer snort:    Alert Odd?: 0
Dec 10 08:46:29 LogServer snort:    Allowed IP Protocols:
Dec 10 08:46:29 LogServer snort:  All
Dec 10 08:46:29 LogServer snort:
Dec 10 08:46:29 LogServer snort: Portscan2 config:
Dec 10 08:46:29 LogServer snort:     log: /var/log/snort/scan.log
Dec 10 08:46:29 LogServer snort:     scanners_max: 3200
Dec 10 08:46:29 LogServer snort:     targets_max: 5000
Dec 10 08:46:29 LogServer snort:     target_limit: 5
Dec 10 08:46:29 LogServer snort:     port_limit: 20
Dec 10 08:46:29 LogServer snort:     timeout: 60
Dec 10 08:46:29 LogServer snort: WARNING: unknown output plugin: 'trap_snmp'
Dec 10 08:46:29 LogServer last message repeated 3 times
Dec 10 08:46:29 LogServer snort: Snort initialization completed
successfully, Snort running





More information about the Snort-users mailing list