[Snort-users] Fwd: Problem starting snort

David López Zajara (Er_Maqui) er_maqui at ...15331...
Tue Jul 5 13:03:11 EDT 2011


Hi,

Here's the data:

Debian: sid.

rc  snort       2.7.0-17  flexible Network Intrusion Detection System
ii  libpcap0.8  1.1.1-6   system interface for user-level packet capture

Now, snort is in an inconsistent state (for dpkg) because the start
fails during the configuration process and breaks the whole update. I did
the installation with the apt-get package manager. The update covered
snort, a new gcc, some mysql binaries and other libraries. On the
network layer, the update covers the firewall (working properly after
updating it), snort (broken), netbase, but not libpcap.

For installing snort, I've used until today the default from the Debian
package (start-stop-daemon --start --quiet --pidfile
/var/run/snort_eth0.pid --exec snort -- -c /etc/snort/snort.eth0.conf
-S "HOME_NET=192.168.0.0/22" -i eth0 > /dev/null)

Today, I've added the param -v to the configuration, but the log in
/var/log/daemon.log doesn't have more relevant information about this
problem.


Regards,

http://maqui.darkbolt.net/
Linux registered user ~#363219
PGP keys available at KeyServ. ID: 0x4233E9F2
We men are slaves of history



On Tue, Jul 5, 2011 at 16:08, Nick Moore <nmoore***sourcefire.com> wrote:
> David,
>
> Can you re-post with some more information?
>
> What did you update?
> Version of Snort, Debian, libpcap, daq?
> How did you install Snort - from source, rpm or with other code like a
> firewall such as pfSense?
> Command you are using to start Snort?
>
> Thanks!
>
> Nick
>
> On Tue, Jul 5, 2011 at 6:44 AM, David López Zajara (Er_Maqui)
> <er_maqui at ...15331...> wrote:
>>
>> Hi,
>>
>> I have a Debian box with snort installed. Before updating today, I
>> have problems starting snort:
>> Here's the relevant line of the start log:
>>
>> Jul  5 13:43:32 firewall snort[21411]: Initializing Network Interface eth0
>> Jul  5 13:43:32 firewall snort[21411]: FATAL ERROR: OpenPcap() device
>> eth0 open: eth0: getsockopt: Protocol not available
>>
>> I've tested changing the interface to eth1, 2 or 3, with no different result.
>> Can someone help me with this problem?
>>
>>
>> Thanks,
>>
>> http://maqui.darkbolt.net/
>> Linux registered user ~#363219
>> PGP keys available at KeyServ. ID: 0x4233E9F2
>> We men are slaves of history
>>
>>
>
>
>
> --
> Nick Moore, SFCE, CISSP, CISA
> Sr. Systems Engineer
> Voice 708-336-9041
> Email nick.moore at ...1935...
> IM    nickgmoore (Yahoo)
>        nickgmoore38 (AIM)
>
>     ,,_
>    o"  )~   Sourcefire - The Creators of Snort
>     ''''
>
> www.sourcefire.com         www.snort.org     www.immunet.com



