[Snort-users] snort help
nmoore at ...1935...
Thu Feb 23 05:54:17 EST 2012
I believe you need two interfaces, not just eth0 to do inline. If your
second inline interface is eth1, then try something like this:
snort -D —daq afpacket -Q -c /usr/local/snort/etc/snort.conf -i eth0:eth1
Please note I didn't test it yet - have to build an inline setup for that
and didn't have the time this morning. You can also try looking at some of
the snort forums. There's been lots of discussion on this:
On Thursday, February 23, 2012, Jagan Mohan Reddy D wrote:
> $ sudo /usr/local/snort/bin/snort -de -i eth0 --daq-dir /usr/local/lib/daq
> -l /var/log/snort/ -c /usr/local/snort/etc/snort.conf
> While using the above command i'm getting the following errors......
> [ Number of patterns truncated to 20 bytes: 1041 ]
> ERROR: pcap DAQ does not support inline.
> Fatal Error, Quitting..
> What's wrong in that command .....?
> Here i'm attaching my snort.conf
> can any one please help me on this error....
> thanks & regards
> D J M Reddy
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Email nick.moore at ...1935...
IM nickgmoore (Yahoo)
o" )~ Sourcefire - The Creators of Snort
www.sourcefire.com www.snort.org www.immunet.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users