[Snort-users] Problem: Snort Daemon - again -:(

Jiju Menon security4rrm at ...11827...
Mon Feb 28 11:49:02 EST 2005


2/28

I am running snort from command line in my Redhat 9 gateway machine
that has 3 interfaces.

I had received some responses on this issue to my earlier mails. But
the snort daemon that I implemented using INTERFACE=any DOES NOT seem
to detect traffic on all interfaces in the machine I want it to be
working.

Mr. Maria Lopez Hernandez asked me to put INTERFACE=3Dany where I
received the error

Feb 26 15:22:07 Gateway modprobe: modprobe: Can't locate module 3Dany
Feb 26 15:22:07 Gateway snort: FATAL ERROR: OpenPcap() device 3Dany
open:  ^Iioctl: No such device
Feb 26 15:22:07 Gateway snortd: snort startup failed

Is there a possible cure for this?


Thanks.




> ----------------------------------------------------------------------------------------
> HISTORY
> -----------------------------------------------------------------------------------------

Solution from Mr. Maria Lopez Hernandez

> > Just use:
> > INTERFACE=3Dany
> >
> > But you have to change the script. What it's wrong it's the script
> > you are using. It specifies the variable INTERFACE but it doesn't
> > use it later to launch snort, so it won't work.
> >
> > Change the line:
> > daemon /usr/local/bin/snort -u snort -g snort -d -D \
> >                 -c /etc/snort/snort.conf
> >
> > to:
> >
> > daemon /usr/local/bin/snort -u snort -g snort -d -i $INTERFACE -D \
> >                 -c /etc/snort/snort.conf
> >
> > and it will work.
> >
> > > By default, it takes only eth0 and does not seem to change interface
> > > even if I specify eth1, or eth2.
> > >=20
> > > Any help is welcome.
> > >=20
> > > Thank you
> >
> > Regards.
> >
> > --=20
> >
> > Jose Maria Lopez Hernandez
> > Director Tecnico de bgSEC
> > jkerouac at ...12346...
> > bgSEC Seguridad y Consultoria de Sistemas Informaticos
> > http://www.bgsec.com
>




More information about the Snort-users mailing list