[Snort-users] Problem starting snort
David López Zajara (Er_Maqui)
er_maqui at ...15331...
Thu Jul 7 10:30:04 EDT 2011
The problem is referred to in this Debian bug report:
A new version of libpcap which requires a new kernel version to work.
Thanks for your help,
Linux registered user ~#363219
PGP keys available at KeyServ. ID: 0x4233E9F2
We men are slaves of history
On Tue, Jul 5, 2011 at 19:03, David López Zajara (Er_Maqui)
<er_maqui at ...15331...> wrote:
> Here's the data:
> Debian: sid.
> rc snort 2.7.0-17 flexible Network Intrusion Detection System
> ii libpcap0.8 1.1.1-6 system interface for user-level packet
> Now, snort is in an inconsistent state (for dpkg) because the start
> fails during the configuration process and breaks the whole update. I did
> the installation with the apt-get package manager. The update covered
> snort, a new gcc, some mysql binaries and other libraries. The update
> covers, on the network layer, the firewall (working properly after
> updating it), snort (broken), netbase, but not libpcap.
> For installing snort, I've used before today the default from the Debian
> package (start-stop-daemon --start --quiet --pidfile
> /var/run/snort_eth0.pid --exec snort -- -c /etc/snort/snort.eth0.conf
> -S "HOME_NET=192.168.0.0/22" -i eth0 > /dev/null)
> Today, I've added to the configuration the param -v, but the log in
> /var/log/daemon.log doesn't have more relevant information of these
> Linux registered user ~#363219
> PGP keys available at KeyServ. ID: 0x4233E9F2
> We men are slaves of history
> On Tue, Jul 5, 2011 at 16:08, Nick Moore <nmoore***sourcefire.com> wrote:
>> Can you re-post with some more information?
>> What did you update?
>> Version of Snort, Debian, libpcap, daq?
>> How did you install Snort - from source, rpm or with other code like a
>> firewall such as pfSense?
>> Command you are using to start Snort?
>> On Tue, Jul 5, 2011 at 6:44 AM, David López Zajara (Er_Maqui)
>> <er_maqui at ...15331...> wrote:
>>> I have a Debian box with snort installed. Before updating today, I
>>> have problems starting snort:
>>> Here's the relevant line of the start log:
>>> Jul 5 13:43:32 firewall snort: Initializing Network Interface eth0
>>> Jul 5 13:43:32 firewall snort: FATAL ERROR: OpenPcap() device eth0 open: eth0: getsockopt: Protocol not available
>>> I've tested changing the interface to eth1, 2 or 3 without a different result.
>>> Can someone help me with this problem?
>>> Linux registered user ~#363219
>>> PGP keys available at KeyServ. ID: 0x4233E9F2
>>> We men are slaves of history
>> Nick Moore, SFCE, CISSP, CISA
>> Sr. Systems Engineer
>> Voice 708-336-9041
>> Email nick.moore at ...1935...
>> IM nickgmoore (Yahoo)
>> nickgmoore38 (AIM)
>> o" )~ Sourcefire - The Creators of Snort
>> www.sourcefire.com www.snort.org www.immunet.com