[Snort-users] Fw: problems in snort installing.

Joel Esler jesler at ...1935...
Tue Mar 19 10:04:27 EDT 2013


On Mar 19, 2013, at 8:45 AM, Mohammad MontazerI <mohamad_montazery at ...8167....> wrote:

> linux-s211:/usr/sbin # ./snort -i eth0 -u snort -g snort -c /etc/snort/snort.conf -D
> Spawning daemon child...
> My daemon child 3896 lives...
> Daemon parent exiting (0)

This generally means that Snort started.  If you run "ps aux | grep snort", does it show Snort running?  If it doesn't, you should have some kind of error in your logs.

> linux-s211:/usr/sbin # ./snort status
> Running in packet dump mode
> 
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Snort BPF option: status
> pcap DAQ configured to passive.
> Acquiring network traffic from "eth0".
> ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)!
> Fatal Error, Quitting..

Refer to my other email.  There is no such command for Snort called "status".

http://manual.snort.org


--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
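
The check described in the reply above, as an added example that is not part of the original message: since the snort binary has no "status" command and reads that word as a BPF filter, a wrapper can take the child PID from the daemon start-up banner and confirm the process is still alive. The function names are hypothetical, and the script assumes a Linux /proc and that the start-up output was saved to a file.

```shell
#!/bin/sh
# Added example: a "status" check for a daemonized Snort.
# Function names are hypothetical; assumes Linux /proc.

# Read start-up output on stdin and print the PID from the
# "My daemon child <pid> lives..." line (nothing if absent).
snort_child_pid() {
    sed -n 's/^My daemon child \([0-9][0-9]*\) lives.*$/\1/p' | head -n 1
}

# Return 0 if PID $1 exists and its command name is $2 (default: snort),
# 1 if it does not, 2 if $1 is not a number.
pid_is_command() {
    pid=$1
    want=${2:-snort}
    case $pid in ''|*[!0-9]*) return 2 ;; esac
    name=$(cat "/proc/$pid/comm" 2>/dev/null) || return 1
    [ "$name" = "$want" ]
}

# Report status from the captured start-up output in file $1.
# Exit codes: 0 running, 1 not running, 2 no banner line found.
snort_status() {
    pid=$(snort_child_pid < "$1")
    if [ -z "$pid" ]; then
        echo "no daemon child line found"
        return 2
    fi
    if pid_is_command "$pid" snort; then
        echo "snort running (pid $pid)"
    else
        echo "no snort process with pid $pid; check your logs for errors"
        return 1
    fi
}
```

Capture the banner when starting the daemon (for example by redirecting the start command's output to a file) and pass that file to `snort_status`.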