[Snort-users] snort help

Nick Moore nmoore at ...1935...
Thu Feb 23 05:54:17 EST 2012


Jagan,

I believe you need two interfaces, not just eth0 to do inline. If your
second inline interface is eth1, then try something like this:

snort -D --daq afpacket -Q -c /usr/local/snort/etc/snort.conf -i eth0:eth1 -l /var/log/snort

Please note I didn't test it yet - have to build an inline setup for that
and didn't have the time this morning. You can also try looking at some of
the snort forums. There's been lots of discussion on this:

https://forums.snort.org/forums/snort-newbies/topics/how-to-work-with-snort-ips

Happy Snorting!

Nick

On Thursday, February 23, 2012, Jagan Mohan Reddy D wrote:

>
> $ sudo /usr/local/snort/bin/snort -de -i eth0 --daq-dir /usr/local/lib/daq
> -l /var/log/snort/ -c /usr/local/snort/etc/snort.conf
>
>
> While using the above command I'm getting the following errors:
>
> [ Number of patterns truncated to 20 bytes: 1041 ]
> ERROR: pcap DAQ does not support inline.
> Fatal Error, Quitting..
>
> What's wrong in that command?
>
> Here I'm attaching my snort.conf
>
> Can anyone please help me with this error?
>
>
>
> ----------------
> thanks & regards
> D J M Reddy
>
>
>

-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore at ...1935...
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org     www.immunet.com
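
Added example, not part of the original message and not Sourcefire's code: a pre-flight check for the two conditions discussed in this thread, that inline mode (-Q) cannot run on the pcap DAQ and that afpacket inline needs interface pairs such as eth0:eth1. The function name check_inline_args is hypothetical, and the check only looks at the command-line options shown above, not at settings inside snort.conf.

```shell
#!/bin/sh
# Added example: lint a Snort 2.9 command line before starting inline mode.
# check_inline_args is a hypothetical helper name, not part of Snort.
# Only separately written -Q, --daq <type> and -i <spec> options are parsed.
# Returns 0 if the arguments look consistent, 1 otherwise (reason on stderr).
check_inline_args() {
    daq="pcap"   # Snort uses the pcap DAQ when --daq is not given
    inline=0
    ifspec=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -Q)    inline=1 ;;
            --daq) daq="${2:-}";    [ $# -gt 1 ] && shift ;;
            -i)    ifspec="${2:-}"; [ $# -gt 1 ] && shift ;;
        esac
        shift
    done
    [ "$inline" -eq 1 ] || return 0        # passive run: nothing to check
    if [ "$daq" = "pcap" ]; then
        echo "inline (-Q) needs an inline-capable DAQ such as afpacket, not pcap" >&2
        return 1
    fi
    [ "$daq" = "afpacket" ] || return 0    # other DAQ types are not checked here
    if [ -z "$ifspec" ]; then
        echo "afpacket inline needs -i <if1>:<if2>" >&2
        return 1
    fi
    # afpacket inline bridges pairs: eth0:eth1, or eth0:eth1::eth2:eth3
    rest="$ifspec"
    while [ -n "$rest" ]; do
        pair="${rest%%::*}"
        case "$rest" in *::*) rest="${rest#*::}" ;; *) rest="" ;; esac
        a="${pair%%:*}"
        b="${pair#*:}"
        case "$pair" in *:*) ;; *) b="" ;; esac   # no colon: single interface
        case "$b" in *:*) b="" ;; esac            # more than two members
        # the same interface twice is not a bridge (sanity check added here)
        if [ -z "$a" ] || [ -z "$b" ] || [ "$a" = "$b" ]; then
            echo "bad interface pair '$pair': expected <if1>:<if2>" >&2
            return 1
        fi
    done
    return 0
}
# When run as a script with arguments, lint them: ./check.sh -Q --daq afpacket -i eth0:eth1
[ $# -eq 0 ] || check_inline_args "$@"
```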