[Snort-users] Error Starting Snort with DAQ

rob iscool robrob2626 at ...131...
Wed Feb 2 12:50:06 EST 2011


Disregard this post. I was using -f instead of -c. Midweek blues I guess. 

Thanks
Robert




________________________________
From: Russ Combs <rcombs at ...1935...>
To: rob iscool <robrob2626 at ...131...>
Cc: snort-users at lists.sourceforge.net; Michael Scheidell 
<michael.scheidell at ...8144...>; Michael Altizer <maltizer at ...1935...>
Sent: Wed, February 2, 2011 9:42:43 AM
Subject: Re: Error Starting Snort with DAQ




On Wed, Feb 2, 2011 at 12:34 PM, rob iscool <robrob2626 at ...131...> wrote:

>Has anyone seen this error before? I'm running on FreeBSD 72x86.
>I'm sorry if this has been answered before.
>
>Robert
>
>========Start of Error==================
>#: snort -f /usr/local/etc/snort/snort.conf -l /var/log/snort -v -i vr0
>Running in packet dump mode
>
>       --== Initializing Snort ==--
>Initializing Output Plugins!
>Snort BPF option: /usr/local/etc/snort/snort.conf -l /var/log/snort -v -i vr0
>

It looks like -c is missing?
 

>pcap DAQ configured to passive.
>Acquiring network traffic from "vr0".
>ERROR: Can't set DAQ BPF filter to '/usr/local/etc/snort/snort.conf -l
>/var/log/snort -v -i vr0' (pcap_daq_set_filter: pcap_compile: syntax error)!
>Fatal Error, Quitting..
>===========================
>
>======== Start of Patch =========
>
>--- os-daq-modules/daq_pcap.c.orig      2011-01-30 15:28:19.000000000 -0500
>+++ os-daq-modules/daq_pcap.c   2011-01-30 15:27:19.000000000 -0500
>@@ -216,7 +216,7 @@ static int pcap_daq_initialize(const DAQ
>    for (entry = config->values; entry; entry = entry->next)
>    {
>        if (!strcmp(entry->key, "buffer_size"))
>-            context->buffer_size = strtol(entry->key, NULL, 10);
>+            context->buffer_size = strtol(entry->value, NULL, 10);
>    }
>    /* Try to account for legacy PCAP_FRAMES environment variable if we weren't
>passed a buffer size. */
>    if (context->buffer_size == 0)
>
>
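
Review bot: The corrected strtol(entry->value, NULL, 10) call on the "+" line still passes NULL as the end pointer and never validates the result, so a non-numeric buffer_size value parses to 0 and the following "if (context->buffer_size == 0)" then treats it exactly as if no buffer size had been passed, while a negative value is stored as is. Suggest passing an end pointer, checking errno for ERANGE, and rejecting values that are empty, have trailing characters, or are not positive, returning an initialization error rather than silently falling back to the legacy PCAP_FRAMES path.
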
>=============================
>
>
>
>
>



      