[Snort-users] Error Starting Snort with DAQ

rob iscool robrob2626 at ...131...
Wed Feb 2 12:34:34 EST 2011


Has anyone seen this error before. Im running on FreeBSD 72x86.
I sorry if this has answered before.

Robert

========Start of Error==================
#: snort -f /usr/local/etc/snort/snort.conf -l /var/log/snort -v -i vr0
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: /usr/local/etc/snort/snort.conf -l /var/log/snort -v -i vr0
pcap DAQ configured to passive.
Acquiring network traffic from "vr0".
ERROR: Can't set DAQ BPF filter to '/usr/local/etc/snort/snort.conf -l 
/var/log/snort -v -i vr0' (pcap_daq_set_filter: pcap_compile: syntax error)!
Fatal Error, Quitting..
===========================

======== Start of Patch =========

--- os-daq-modules/daq_pcap.c.orig      2011-01-30 15:28:19.000000000 -0500
+++ os-daq-modules/daq_pcap.c   2011-01-30 15:27:19.000000000 -0500
@@ -216,7 +216,7 @@ static int pcap_daq_initialize(const DAQ
     for (entry = config->values; entry; entry = entry->next)
     {
         if (!strcmp(entry->key, "buffer_size"))
-            context->buffer_size = strtol(entry->key, NULL, 10);
+            context->buffer_size = strtol(entry->value, NULL, 10);
     }
     /* Try to account for legacy PCAP_FRAMES environment variable if we weren't 
passed a buffer size. */
     if (context->buffer_size == 0)


=============================



      




More information about the Snort-users mailing list