[Snort-users] running snort on Ubuntu

PS packetstack at ...11827...
Thu Feb 23 02:37:25 EST 2012


Are you using barnyard to send the logs to the DB? Can you confirm if the log data is being imported into the DB which BASE is using?

As for the DAQ issue, what is the exact command that you are running?

On Feb 23, 2012, at 2:27 AM, Jagan Mohan Reddy D wrote:

> Thanks for your reply....
> 
> I have another query on Snort with BASE....
> 
> I am not getting alerts into BASE, i.e. all alerts show 0% only...
> 
> One more thing:
> 
> While I'm running snort with the command line option snort -Q, I'm getting an error...
> 
> ERROR: pcap DAQ does not support inline.
> ----------------
> D J M Reddy
> 
> 
> On 23 February 2012 12:29, PS <packetstack at ...11827...> wrote:
> Assuming that you are using two interfaces... try the command below
> 
> /usr/local/bin/snort --daq afpacket -Q -i eth0:eth1 -c /usr/local/snort/etc/snort.conf
> 
> Replace eth0:eth1 with your corresponding interfaces.
> 
> 
> 
> On Feb 23, 2012, at 1:32 AM, Jagan Mohan Reddy D wrote:
> 
> > $ sudo /usr/local/snort/bin/snort -de -i eth0 --daq-dir /usr/local/lib/daq -l /var/log/snort/ -c /usr/local/snort/etc/snort.conf
> >
> >
> > While using the above command I'm getting the following errors......
> >
> > [ Number of patterns truncated to 20 bytes: 1041 ]
> > ERROR: pcap DAQ does not support inline.
> > Fatal Error, Quitting..
> >
> > What's wrong in that command?
> >
> > Here I'm attaching my snort.conf
> >
> > Can anyone please help me with this error?
> >
> >
> >
> > ----------------
> > thanks & regards
> > D J M Reddy
> >
> > <snort.conf>
> 
> 
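A pre-flight check for the inline-mode error discussed in this thread, added here as an example; it is not code from the posters or from the Snort project. The helper name check_inline_args and its return codes are hypothetical, it looks only at the command-line words it is given (snort.conf is not read), and it assumes the DAQ is pcap when no --daq option is present.

```shell
#!/bin/sh
# Added example: check_inline_args is a hypothetical helper, not part of Snort.
# It inspects only the command-line words passed to it; snort.conf is not read.
# Return codes (chosen for this example):
#   0 = nothing inconsistent found
#   1 = -Q requested but the DAQ is pcap (also assumed when --daq is absent)
#   2 = -Q with afpacket but -i is not an interface pair such as eth0:eth1
#   3 = an option is missing its value
check_inline_args() {
    inline=0; daq=pcap; iface=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -Q) inline=1 ;;
            --daq|-i)
                [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 3; }
                if [ "$1" = "--daq" ]; then daq=$2; else iface=$2; fi
                shift ;;
        esac
        shift
    done
    [ "$inline" -eq 1 ] || return 0
    if [ "$daq" = "pcap" ]; then
        echo "-Q needs an inline-capable DAQ; pcap does not support inline" >&2
        return 1
    fi
    if [ "$daq" = "afpacket" ]; then
        case "$iface" in
            ?*:?*) ;;   # two non-empty interface names separated by ':'
            *) echo "afpacket inline needs -i <if1>:<if2>, got '$iface'" >&2
               return 2 ;;
        esac
    fi
    return 0
}

# Constructed sample command lines modelled on the ones quoted in this thread.
for args in \
    "-Q -i eth0 -c /usr/local/snort/etc/snort.conf" \
    "--daq afpacket -Q -i eth0 -c /usr/local/snort/etc/snort.conf" \
    "--daq afpacket -Q -i eth0:eth1 -c /usr/local/snort/etc/snort.conf"
do
    rc=0
    # Intentional word splitting of the sample string into separate arguments.
    check_inline_args $args || rc=$?
    echo "rc=$rc  snort $args"
done
```

Inline mode can also be requested from snort.conf, which this check does not parse, so a return code of 0 only means the command line itself is consistent.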
