[Snort-users] @barnyard2 error

waldo kitty wkitty42 at ...14940...
Thu Jul 11 04:50:47 EDT 2013

On 7/11/2013 04:19, anagha b wrote:
> Hi all
> At the time of install i installed snort for user anagha.
> If i run snort as root then snort starts packet processing but if i try to run
> snort other than root [as anagh]i get following error
> anagha at ...15657...~$  snort -c /srv/cloud/one/snort- -i eth0
> Initializing Output Plugins!
> pcap DAQ configured to passive.
> Acquiring network traffic from "eth0".
> ERROR: Can't start DAQ (-1) - socket: Operation not permitted!
> Fatal Error, Quitting..

why can't you start snort as root and let it switch users? IIRC -u and -g

ie: snort -c /etc/snort.conf -D -u snort -g snort -d -e -A Full -i eth0

the above runs snort as user snort and group snort...

> I tried to start barnyard when*snort is running with root* but i configured
> databases access for specific user[I set this user for snort already] for
> barnyard  i am getting error for barnyard when i run snort as root.

the user that snort runs as has nothing to do with the user that barnyard2 runs 
as... as long as barnyard2 can access the snort unified2 output file(s) and the 
database, then barnyard2 should be able to do its job...

> barnyard2 -c /srv/cloud/one/barnyard2-2-1.13/etc/barnyard2.conf -f snort.u2 -w
> /var/log/snort/barnyard2.waldo
> error:Barnyard2 spooler: Event cache size set to [2048]
> Log directory = /var/log/snort/
> INFO database: Defaulting Reconnect/Transaction Error limit to 10
> INFO database: Defaulting Reconnect sleep time to 5 second
> database mysql_error: Access denied for user 'root'@'localhost' (using password:
> YES)
> Barnyard2 exiting
> database: Closing connection to database "db"

have you given that user the rights to access the database?

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

More information about the Snort-users mailing list