[Snort-users] Enc: Problems to start snort 2.9

Ivani A. Nascimento ivani_nascimento at ...6873...
Fri Apr 1 12:36:47 EDT 2011


Hi folks.

As I said earlier, I would try to install the new rpm packages (2.9.4).
I did it, but I still can't start snort.

I reviewed the logs and snort.conf, but nothing.
At first glance, everything is OK. Now, I'm looking for problems in the OS.

Please, is anyone here running snort in a virtual environment, especially Xen, who could share their experience with me?

Thank you all.

Regards,

Ivani Nascimento

--- On Fri, 1/4/11, Ivani A. Nascimento <ivani_nascimento at ...6873...> wrote:

> From: Ivani A. Nascimento <ivani_nascimento at ...6873...>
> Subject: Re: [Snort-users] Enc: Problems to start snort 2.9
> To: "Snort Users" <snort-users at lists.sourceforge.net>
> Date: Friday, April 1, 2011, 10:38
> 
> Thanks for your answer.
> My machine is hosted in a Xen environment. I'm running
> CentOS 5.5, kernel 2.6.18-194.8.1.el5.028stab070.5.
> As I said, I'm a newbie with snort, so I don't know if I
> forgot any configuration detail.
> 
> I've already installed snort in another virtual
> machine, but the environment was vmware and everything
> worked fine.
> 
> This is my interface:
> 
> venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:XXX.XXX.XXX.XXX  P-t-P:XXX.XXX.XXX.XXX  Bcast:XXX.XXX.XXX.XXX  Mask:255.255.255.255
>           UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
> 
> Ahn, I'm using snort 2.9.3 (I've used Vincent Cojot's
> rpms). I saw that there is a new version of the rpm; I'll try
> to update.
> 
> Thank you all.
> 
> Regards,
> 
> Ivani
> 
> --- On Thu, 31/3/11, Jason Wallace <jason.r.wallace at ...11827...> wrote:
> 
> > From: Jason Wallace <jason.r.wallace at ...11827...>
> > Subject: Re: [Snort-users] Enc: Problems to start snort 2.9
> > To: "Ivani A. Nascimento" <ivani_nascimento at ...6873...>
> > Cc: "Snort Users" <snort-users at lists.sourceforge.net>
> > Date: Thursday, March 31, 2011, 18:19
> >
> > If it is a VMware virtual environment, ensure that vmware-tools is
> > installed and the service is started, and then change the interface
> > type of the VM to e1000. That should be supported in your kernel.
> > Newer kernels have support for the new vmxnet3 interfaces.
> > 
> > ... ~ # uname -a
> > Linux uscla1004x 2.6.36-gentoo-r5 #7 SMP Wed Feb 16 13:30:51 EST 2011 x86_64 Intel(R) Xeon(R) CPU X5650 @ 2.67GHz GenuineIntel GNU/Linux
> > 
> > ... ~ # zcat /proc/config.gz |grep -i vmx
> > CONFIG_VMXNET3=y
> > 
> > So far they appear to be working well for packet capture.
> > 
> > 
> > Thx,
> > Wally
> > 
> > On Thu, Mar 31, 2011 at 3:27 PM, Ivani A. Nascimento
> > <ivani_nascimento at ...6873...> wrote:
> > > Hi Russ,
> > >
> > > Thanks for your answer. Really, I saw the post that you are
> > > mentioning, but there was no answer.
> > >
> > > Well, the interface is venet0:0; it's a virtual
> > > environment.
> > >
> > > Will it be some change in the kernel? I'm using
> > > 2.6.18-194.8.1.el5.028stab070.5.
> > >
> > > Thank you again.
> > >
> > >
> > >
> > > --- On Thu, 31/3/11, Russ Combs <rcombs at ...1935...> wrote:
> > >
> > > From: Russ Combs <rcombs at ...1935...>
> > > Subject: Re: [Snort-users] Enc: Problems to start snort 2.9
> > > To: "Ivani A. Nascimento" <ivani_nascimento at ...6873...>
> > > Cc: snort-users at lists.sourceforge.net
> > > Date: Thursday, March 31, 2011, 15:21
> > >
> > > Looks like someone posted the same error about a year ago on snort.org with 2.8.5, apparently w/o resolution.
> > >
> > > What type of interface is it?  libpcap will assume SLL for unknown types and expect the kernel to leave room to prepend the header.
> > >
> > > Appears to be making the wrong assumption.
> > >
> > > On Thu, Mar 31, 2011 at 1:48 PM, Ivani A. Nascimento <ivani_nascimento at ...6873...> wrote:
> > >
> > > Hi, folks!
> > >
> > > I'm a newbie using Snort and I have a doubt.
> > >
> > > I've googled many sites and lists, but I'm lost about a weird error.
> > >
> > > I've installed snort 2.9 but I can't start it. Looking at the logs, I've found:
> > >
> > > Mar 31 13:45:18 snortlab snort[16294]:         --== Initialization Complete ==--
> > > Mar 31 13:45:18 snortlab snort[16294]: Commencing packet processing (pid=16294)
> > > Mar 31 13:45:19 snortlab snort[16294]: Can't acquire (-1) - cooked-mode frame doesn't have room for sll header!
> > > ---
> > > ---
> > > Mar 31 13:45:50 snortlab snort[16294]: ===============================================================================
> > > Mar 31 13:45:50 snortlab snort[16294]: ===============================================================================
> > > Mar 31 13:45:50 snortlab snort[16294]: dcerpc2 Preprocessor Statistics
> > > Mar 31 13:45:51 snortlab snort[16294]:   Total sessions: 0
> > > Mar 31 13:45:51 snortlab snort[16294]: ===============================================================================
> > > Mar 31 13:45:52 snortlab snort[16294]: ===============================================================================
> > > Mar 31 13:45:52 snortlab snort[16294]: Snort exiting
> > >
> > > I'm using CentOS 5.5.  Can anyone help me?
> > >
> > > Thanks in advance,
> > >
> > > Nix
> > >
> > > ------------------------------------------------------------------------------
> > > Create and publish websites with WebMatrix
> > > Use the most popular FREE web apps or write code yourself;
> > > WebMatrix provides all the features you need to develop and
> > > publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > 
> 
>
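
Added example, not part of the original thread: a small triage script that ties the Snort acquire failure quoted above to the interface's link encapsulation, which is the question Russ raises. The sample syslog lines and `ifconfig` stanza are constructed from the lines in the thread, the function names are hypothetical, and treating `Link encap:UNSPEC` as the "unknown type" that libpcap captures in cooked (SLL) mode is an assumption drawn from his reply.

```python
import re

# Constructed sample input, taken from the lines quoted in this thread.
SYSLOG = """\
Mar 31 13:45:18 snortlab snort[16294]: --== Initialization Complete ==--
Mar 31 13:45:18 snortlab snort[16294]: Commencing packet processing (pid=16294)
Mar 31 13:45:19 snortlab snort[16294]: Can't acquire (-1) - cooked-mode frame doesn't have room for sll header!
Mar 31 13:45:52 snortlab snort[16294]: Snort exiting
"""
IFCONFIG = """\
venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:XXX.XXX.XXX.XXX  P-t-P:XXX.XXX.XXX.XXX  Bcast:XXX.XXX.XXX.XXX  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
"""

LOG_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) snort\[(\d+)\]:\s+(.*)$")
ACQUIRE_RE = re.compile(r"Can't acquire \((-?\d+)\) - (.*)")
IFACE_RE = re.compile(r"^(\S+)[ \t]+Link encap:(.+?)(?:\s{2,}|$)", re.M)

def acquire_failures(syslog_text):
    """Return one dict per Snort "Can't acquire" line, noting whether that pid later exited."""
    failures, exited = [], set()
    for line in syslog_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        when, host, pid, msg = m.groups()
        err = ACQUIRE_RE.match(msg)
        if err:
            failures.append({"time": when, "host": host, "pid": pid,
                             "code": int(err.group(1)), "reason": err.group(2)})
        elif msg.strip() == "Snort exiting":
            exited.add(pid)
    for f in failures:
        f["exited"] = f["pid"] in exited
    return failures

def link_encaps(ifconfig_text):
    """Map interface name -> 'Link encap' value from net-tools ifconfig output."""
    return {m.group(1): m.group(2) for m in IFACE_RE.finditer(ifconfig_text)}

def triage(syslog_text, ifconfig_text):
    """Interfaces to suspect when a cooked-mode (SLL) acquire error was logged."""
    # Assumption: UNSPEC is the unknown link type libpcap falls back to SLL for.
    sll = [f for f in acquire_failures(syslog_text) if "sll header" in f["reason"]]
    if not sll:
        return []
    return sorted(n for n, e in link_encaps(ifconfig_text).items() if e == "UNSPEC")
```
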



