[Snort-users] WARNING: normalizations disabled because DAQ can't replace packets.

Yayan Tri Taryana yayantritaryana at ...11827...
Thu Dec 13 04:12:44 EST 2012


Hi,

I have and IDS Server using snort, previously my server is work normal, but
now i realize that my snort is not log the alert.

when i tail -f /var/log/message

theres an error say "WARNING: normalizations disabled because DAQ can't
replace packets."

is anyone encountered this and how to fix it ..

this is my log

: [ Number of patterns truncated to 20 bytes: 3926 ]
Dec 13 15:12:39 GURUH0 snort[3149]: pcap DAQ configured to passive.
Dec 13 15:12:39 GURUH0 snort[3149]: Acquiring network traffic from "eth3".
Dec 13 15:12:39 GURUH0 snort[3149]: Initializing daemon mode
Dec 13 15:12:39 GURUH0 snort[3150]: Daemon initialized, signaled parent
pid: 3149
Dec 13 15:12:39 GURUH0 snort[3150]: Reload thread starting...
Dec 13 15:12:39 GURUH0 snort[3150]: Reload thread started, thread
0x426f8940 (3150)
Dec 13 15:12:39 GURUH0 kernel: device eth3 entered promiscuous mode
Dec 13 15:12:39 GURUH0 kernel: type=1700 audit(1355386359.639:8): dev=eth3
prom=256 old_prom=0 auid=4294967295 ses=4294967295
Dec 13 15:12:39 GURUH0 snort[3150]: Decoding Ethernet
Dec 13 15:12:39 GURUH0 snort[3150]: Checking PID path...
Dec 13 15:12:39 GURUH0 snort[3150]: PID path stat checked out ok, PID path
set to /var/run/
Dec 13 15:12:39 GURUH0 snort[3150]: Writing PID "3150" to file
"/var/run//snort_eth3.pid"
Dec 13 15:12:39 GURUH0 snort[3150]: Set gid to 500
Dec 13 15:12:39 GURUH0 snort[3150]: Set uid to 500
Dec 13 15:12:39 GURUH0 snort[3150]: WARNING: normalizations disabled
because DAQ can't replace packets.
Dec 13 15:12:39 GURUH0 snort[3150]:
Dec 13 15:12:39 GURUH0 snort[3150]:         --== Initialization Complete
==--
Dec 13 15:12:39 GURUH0 snort[3150]: Commencing packet processing (pid=3150)


Txs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121213/7ae0e2a9/attachment.html>


More information about the Snort-users mailing list