[Snort-users] problems in snort installing.
jesler at ...1935...
Tue Mar 19 12:51:22 EDT 2013
Looks like there may be an error in the docs.
On Mar 19, 2013, at 12:12 PM, Mohammad MontazerI <mohamad_montazery at ...8782.....> wrote:
> Hello dear all.
> You are getting this error because Snort thinks you are trying to issue the word "status" as a bpf. You aren't giving Snort any arguments or commands, in fact "./snort status" doesn't do anything.
> "snort -i eth0 -c /path/to/snort.conf -A cmg" should start Snort and make it listen on port eth0. You should see it start up and give you alerts if you have traffic on eth0
> but i exactly used the snort install guide commands. all commands worked fine except these part of the guide:
> Finally, if you have SNORT working in test mode (-T option), try starting SNORT with
> /etc/init.d/snort start (its not working)
> (you should get a running message if all is well). If there is a
> problem, check the output in /var/log/messages for additional details as to why snort
> failed to start.
> Also, you can check the status of snort by issuing the command below (while still in
> ./snort status <enter> (its not working)
> If it's working, you should see the output below:
> Checking for service snort running
> how can find out snort working properly?
>> Ho dear all.
>> i asked this question and dear waldo suggested to kill one of the snort instance. i did it but nothing happened.
>> again same error!
>> here again my command line after killing snort instance:
>> ps aux | grep snort
>> root 3858 0.0 0.0 4172 804 pts/0 S+ 13:21 0:00 grep --color=auto snort
>> ./snort status
>> Running in packet dump mode
>> --== Initializing Snort ==--
>> Initializing Output Plugins!
>> Snort BPF option: status
>> pcap DAQ configured to passive.
>> Acquiring network traffic from "eth0".
>> ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)!
>> Fatal Error, Quitting..
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
More information about the Snort-users