[Snort-users] problems in snort installing.
mohamad_montazery at ...131...
Tue Mar 19 12:12:45 EDT 2013
Hello dear all.
You are getting this error because Snort thinks you
are trying to issue the word "status" as a bpf. You aren't giving Snort any arguments or commands, in fact "./snort status" doesn't do
-i eth0 -c /path/to/snort.conf -A cmg" should start Snort and make it
listen on port eth0. You should see it start up and give you alerts if
you have traffic on eth0
But I used exactly the Snort install guide commands. All commands worked fine except this part of the guide:
Finally, if you have SNORT working in test mode (-T option), try starting SNORT with
/etc/init.d/snort start (it's not working)
(you should get a running message if all is well). If there is a
problem, check the output in /var/log/messages for additional details as to why snort
failed to start.
Also, you can check the status of snort by issuing the command below (while still in
./snort status <enter> (it's not working)
If it's working, you should see the output below:
Checking for service snort running
How can I find out whether Snort is working properly?
Hi dear all.
>I asked this question and dear Waldo suggested killing one of the Snort instances. I did it but nothing happened.
>Again the same error!
>Here again is my command line after killing the Snort instance:
> ps aux | grep snort
>root 3858 0.0 0.0 4172 804 pts/0 S+ 13:21 0:00 grep --color=auto snort
> ./snort status
>Running in packet dump mode
> --== Initializing Snort ==--
>Initializing Output Plugins!
>Snort BPF option: status
>pcap DAQ configured to passive.
>Acquiring network traffic from "eth0".
>ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)!
>Fatal Error, Quitting..
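
One way to check whether Snort is running without handing the word "status" to the binary, where it is read as a BPF filter as in the output above. This is an added example, not part of the original post or of the Snort install guide; the function names are made up here, and it assumes a Linux system with /proc mounted.

```shell
#!/bin/sh
# Added example (not from the thread): process status check via /proc.
# Nothing is passed to the snort binary, so no argument can be misread
# as a BPF filter. find_pids and service_status are hypothetical names.

# Print the PIDs whose command name equals $1; return 1 if there are none.
# Note: the kernel truncates /proc/<pid>/comm to 15 characters.
find_pids() {
    name=$1
    found=""
    for comm in /proc/[0-9]*/comm; do
        # A process may exit between the glob and the read; skip it.
        { read -r cur < "$comm"; } 2>/dev/null || continue
        if [ "$cur" = "$name" ]; then
            pid=${comm#/proc/}
            pid=${pid%/comm}
            found="$found $pid"
        fi
    done
    [ -n "$found" ] || return 1
    echo $found
}

# Init-script style status line for the given daemon name (default: snort).
service_status() {
    name=${1:-snort}
    if pids=$(find_pids "$name"); then
        echo "$name is running (pid $pids)"
        return 0
    fi
    echo "$name is not running"
    return 3   # LSB init-script convention: 3 = program is not running
}
```

Source the file and call `service_status snort`; an exit status of 0 means at least one process named snort exists, 3 means none was found.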