[Snort-users] problems in snort installing.

Mohammad MontazerI mohamad_montazery at ...131...
Tue Mar 19 12:12:45 EDT 2013


Hello dear all.


You are getting this error because Snort thinks you 
are trying to issue the word "status" as a bpf.  You aren't giving Snort any arguments or commands, in fact "./snort status" doesn't do 
anything.
"snort
 -i eth0 -c /path/to/snort.conf -A cmg" should start Snort and make it 
listen on port eth0. You should see it start up and give you alerts if 
you have traffic on eth0

but i exactly used the snort install guide commands. all commands worked fine except these part of the guide:

Finally, if you have SNORT working in test mode (-T option), try starting SNORT with
/etc/init.d/snort start  (its not working)
 (you should get a running message if all is well). If there is a
problem, check the output in /var/log/messages for additional details as to why snort
failed to start.
Also, you can check the status of snort by issuing the command below (while still in
/etc/init.d):
./snort status <enter> (its not working)
If it's working, you should see the output below:
Checking for service  snort running

how can find out snort working properly?






________________________________

 

Ho dear all.
>i asked this question and dear waldo suggested to kill one of the snort instance. i did it but nothing happened.
>again  same error!
>here again my command line after killing snort instance:
>
> ps aux | grep snort
>root      3858  0.0  0.0   4172   804 pts/0    S+   13:21   0:00 grep --color=auto snort
>
> ./snort status
>Running in packet dump mode
>
>        --== Initializing Snort ==--
>Initializing Output Plugins!
>Snort BPF option: status
>pcap DAQ configured to passive.
>Acquiring network traffic from "eth0".
>ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)!
>Fatal Error, Quitting..
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130319/0e97dec5/attachment.html>


More information about the Snort-users mailing list