[Snort-users] Snort 1.8.7 with -z est|all switch fails to start
dushy at ...5318...
Fri Jul 12 03:19:03 EDT 2002
Just downloaded and compiled Snort 1.8.7 on my slackware 8.0 machine
(Intel arch) with the options (--with-mysql --with-openssl --enable-debug).
Starting snort with -z switch quits with the error given below. It works
without the -z switch.
root at ...6299... /etc/snort> snort -v -c /etc/snort/rules/snort.conf -o -z all -T
snort.c:678: Parsing command line...
snort.c:698: Processing cmd line switch: v
snort.c:1158: Verbose Flag active
snort.c:698: Processing cmd line switch: c
snort.c:774: Config file = /etc/snort/rules/snort.conf, config dir =
snort.c:698: Processing cmd line switch: o
snort.c:1020: Rule application order changed to Pass->Alert->Log
snort.c:698: Processing cmd line switch: z
snort.c:698: Processing cmd line switch: T
snort.c:1105: Snort starting in test mode...
snort.c:1244: pcap_cmd is all
Log directory = /var/log/snort
snort.c:172: Opening interface: eth0
Initializing Network Interface eth0
snaplength info: set=1514/compiled=1514/wanted=0
ERROR: OpenPcap() FSM compilation failed:
PCAP command: all
Fatal Error, Quitting..
libpcap version is 0.6.1. Using stable rules not snortcurrent.
output log_tcpdump: snort.log
output alert_full: /var/log/snort/snort_full
output alert_fast: /var/log/snort/snort_fast
output alert_full: snort_full
output alert_fast: snort_fast
output database: alert, mysql, user=snort password=* dbname=snort host=localhost
preprocessor stream4: detect_scans keepstats binary
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111 32771
preprocessor portscan: $HOME_NET 4 3 portscan.log
Snort 1.8.6 works perfectly fine with the same snort.conf.
Any more info , please let me know..
To err is human...to really foul up requires the root password.
More information about the Snort-users