[Snort-users] problems in snort installing.

Joel Esler jesler at ...1935...
Tue Mar 19 12:51:22 EDT 2013


Try:

/etc/init.d/snort status

Looks like there may be an error in the docs.



On Mar 19, 2013, at 12:12 PM, Mohammad MontazerI <mohamad_montazery at ...8782.....> wrote:

> Hello dear all.
> 
> 
> You are getting this error because Snort thinks you are trying to issue the word "status" as a BPF. You aren't giving Snort any arguments or commands, in fact "./snort status" doesn't do anything.
> "snort -i eth0 -c /path/to/snort.conf -A cmg" should start Snort and make it listen on port eth0. You should see it start up and give you alerts if you have traffic on eth0
> 
> But I used exactly the Snort install guide commands. All commands worked fine except this part of the guide:
> 
> Finally, if you have SNORT working in test mode (-T option), try starting SNORT with
> /etc/init.d/snort start (it's not working)
>  (you should get a running message if all is well). If there is a
> problem, check the output in /var/log/messages for additional details as to why snort
> failed to start.
> Also, you can check the status of snort by issuing the command below (while still in
> /etc/init.d):
> ./snort status <enter> (it's not working)
> If it's working, you should see the output below:
> Checking for service  snort running
> 
> How can I find out whether Snort is working properly?
> 
>> Hi dear all.
>> I asked this question and dear Waldo suggested killing one of the Snort instances. I did it but nothing happened.
>> Again, the same error!
>> Here again is my command line after killing the Snort instance:
>> 
>>  ps aux | grep snort
>> root      3858  0.0  0.0   4172   804 pts/0    S+   13:21   0:00 grep --color=auto snort
>> 
>>  ./snort status
>> Running in packet dump mode
>> 
>>         --== Initializing Snort ==--
>> Initializing Output Plugins!
>> Snort BPF option: status
>> pcap DAQ configured to passive.
>> Acquiring network traffic from "eth0".
>> ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)!
>> Fatal Error, Quitting..