[Snort-users] Problem starting snort

David López Zajara (Er_Maqui) er_maqui at ...15331...
Thu Jul 7 10:30:04 EDT 2011


Resolved.

The problem are referred to this debian bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625443

A new version of libpcap who requires new kernel version to work.


Thanks for our help,

http://maqui.darkbolt.net/
Linux registered user ~#363219
PGP keys avaiables at KeyServ. ID: 0x4233E9F2
Los hombres somos esclavos de la historia



On Tue, Jul 5, 2011 at 19:03, David López Zajara (Er_Maqui)
<er_maqui at ...15331...> wrote:
> Hi,
>
> There's the data:
>
> Debian: sid.
>
> rc  snort                                         2.7.0-17
>                         flexible Network Intrusion Detection System
> ii  libpcap0.8                                    1.1.1-6
>                         system interface for user-level packet
> capture
>
> Now, snort are on inconsistent status (for dpkg) because the start
> fails on the configuration process and break all the update. I make
> the installation with apt-get package manager. The update will covered
> snort, new gcc, some mysql binaries and another libraries. The update
> covers, on the network layer, the firewall (working properly after
> update them), snort (breaked), netbase, but not libpcap.
>
> For installing snort, i've used before today the default from debian
> package (start-stop-daemon --start --quiet --pidfile
> /var/run/snort_eth0.pid --exec snort -- -c /etc/snort/snort.eth0.conf
> -S "HOME_NET=192.168.0.0/22" -i eth0 > /dev/null
>
> Today, i've added to the configuration the param -v, but the log on
> /var/log/daemon.log doesn't have more relevant information of these
> problem.
>
>
> Regards,
>
> http://maqui.darkbolt.net/
> Linux registered user ~#363219
> PGP keys avaiables at KeyServ. ID: 0x4233E9F2
> Los hombres somos esclavos de la historia
>
>
>
> On Tue, Jul 5, 2011 at 16:08, Nick Moore <nmoore***sourcefire.com> wrote:
>> David,
>>
>> Can you re-post with some more information?
>>
>> What did you update?
>> Version of Snort, Debian, libpcap, daq?
>> How did you install Snort - from source, rpm or with other code like a
>> firewall such as pfSense?
>> Command you are using to start Snort?
>>
>> Thanks!
>>
>> Nick
>>
>> On Tue, Jul 5, 2011 at 6:44 AM, David López Zajara (Er_Maqui)
>> <er_maqui at ...15331...> wrote:
>>>
>>> Hi,
>>>
>>> I have a debian box with snort installed. Before updating today, i
>>> have problems to start snort:
>>> There's the relevant line of the start log:
>>>
>>> Jul  5 13:43:32 firewall snort[21411]: Initializing Network Interface eth0
>>> Jul  5 13:43:32 firewall snort[21411]: FATAL ERROR: OpenPcap() device
>>> eth0 open: eth0: getsockopt: Protocol not available
>>>
>>> I've tested changing the interface to eth1, 2 or 3 without another result.
>>> Can someone help me with this problem?
>>>
>>>
>>> Thanks,
>>>
>>> http://maqui.darkbolt.net/
>>> Linux registered user ~#363219
>>> PGP keys avaiables at KeyServ. ID: 0x4233E9F2
>>> Los hombres somos esclavos de la historia
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> All of the data generated in your IT infrastructure is seriously valuable.
>>> Why? It contains a definitive record of application performance, security
>>> threats, fraudulent activity, and more. Splunk takes this data and makes
>>> sense of it. IT sense. And common sense.
>>> http://p.sf.net/sfu/splunk-d2d-c2
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>> Please see http://www.snort.org/docs for documentation
>>
>>
>>
>> --
>> Nick Moore, SFCE, CISSP, CISA
>> Sr. Systems Engineer
>> Voice 708-336-9041
>> Email nick.moore at ...1935...
>> IM    nickgmoore (Yahoo)
>>        nickgmoore38 (AIM)
>>
>>     ,,_
>>    o"  )~   Sourcefire - The Creators of Snort
>>     ''''
>>
>> www.sourcefire.com         www.snort.org     www.immunet.com
>




More information about the Snort-users mailing list