[Snort-users] Starting Snort Errors-Fedora3

James Riden j.riden at ...11179...
Fri Mar 11 00:08:07 EST 2005


Mark Sargent <powderkeg at ...11462...> writes:

> [root at ...274... ~]# snort -i eth0 -dev /var/logs/snortlogs/snort
> Running in packet dump mode Initializing Network Interface eth0 ERROR:
> OpenPcap() FSM compilation failed: syntax error PCAP command:
> /var/logs/snortlogs/snort Fatal Error, Quitting.. Little lost. Can
> someone direct to where I should be.? Cheers.

If you're trying to specify a logging directory, you'll need -l, so
try:

# snort -i eth0 -dev -l /var/logs/snortlogs/snort

Otherwise the string at the end of your command will be interpreted as
a tcpdump-type filter. (An interface name is typically 'eth0', 'eth1'
etc. and not an IP address such as 192.168.1.1)

cheers,
 Jamie
-- 
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/






More information about the Snort-users mailing list