[Snort-users] Two problems

Tica ticagugino at ...11827...
Mon Nov 19 10:46:40 EST 2007


Hi Guys,

I'm having some problems here trying to configure snort. I'm using the
latest version 2.8.0.

The first problem is... Snort is not logging to syslog... I already searched
the list archives, and I also read the FAQs... but I can't find the solution.

This is the command line I'm using to start snort:

/usr/local/bin/snort /usr/local/snort/etc/snort.conf.eth0 -i eth0 -p -s -o
-d -e -I -K ascii -F /usr/local/snort/etc/exclude.conf -l
/var/log/snort/eth0 -D

The config file snort.conf.eth0 has "output alert_syslog: LOG_AUTH
LOG_ALERT" too...

The second problem is a little more annoying... If I strip out the "-F
/usr/local/snort/etc/exclude.conf" from the snort command line, I get this
error:
-------------------------------------------------------------------------------
Initializing Network Interface eth0
ERROR: OpenPcap() FSM compilation failed:
        parse error
PCAP command: /usr/local/snort/etc/snort.conf.eth0
-------------------------------------------------------------------------------

Thanks in advance for your help!!

Best Regards,
-- 
Tica ;-)