[Snort-users] Snort 1.8.7 with -z est|all switch fails to start

Dushyanth Harinath dushy at ...5318...
Fri Jul 12 03:19:03 EDT 2002

Hi folks,

Just downloaded and compiled Snort 1.8.7 on my Slackware 8.0 machine
(Intel arch) with the options (--with-mysql --with-openssl --enable-debug).
Starting snort with -z switch quits with the error given below. It works
without the -z switch. 

root at ...6299... /etc/snort> snort -v -c /etc/snort/rules/snort.conf -o -z all -T
snort.c:678: Parsing command line...
snort.c:698: Processing cmd line switch: v
snort.c:1158: Verbose Flag active
snort.c:698: Processing cmd line switch: c
snort.c:774: Config file = /etc/snort/rules/snort.conf, config dir =
snort.c:698: Processing cmd line switch: o
snort.c:1020: Rule application order changed to Pass->Alert->Log
snort.c:698: Processing cmd line switch: z
snort.c:698: Processing cmd line switch: T
snort.c:1105: Snort starting in test mode...
snort.c:1244: pcap_cmd is all
Log directory = /var/log/snort
snort.c:172: Opening interface: eth0

Initializing Network Interface eth0
snaplength info: set=1514/compiled=1514/wanted=0
ERROR: OpenPcap() FSM compilation failed: 
parse error
PCAP command: all
Fatal Error, Quitting..

libpcap version is 0.6.1. Using stable rules, not snortcurrent.

<snippets snort.conf>

output log_tcpdump: snort.log
output alert_full: /var/log/snort/snort_full
output alert_fast: /var/log/snort/snort_fast
output alert_full: snort_full
output alert_fast: snort_fast
output database: alert, mysql, user=snort password=* dbname=snort host=localhost

preprocessor frag2
preprocessor stream4: detect_scans keepstats binary
preprocessor stream4_reassemble
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log

Snort 1.8.6 works perfectly fine with the same snort.conf.

If you need any more info, please let me know.
To err is human...to really foul up requires the root password.

