[Snort-users] problems in snort installing.

Joel Esler jesler at ...1935...
Tue Mar 19 13:05:16 EDT 2013


Moving conversation back on list.  Please keep it on list.

If you run "snort -c /path/to/snort.conf -i eth0"  what happens?


On Mar 19, 2013, at 1:03 PM, Mohammad MontazerI <mohamad_montazery at ...8167....> wrote:

> I tried it:
> 
> linux-s211:/usr/sbin # /etc/init.d/snort status
> bash: /etc/init.d/snort: Permission denied
> 
> 
> 
> From: Joel Esler <jesler at ...1935...>
> To: Mohammad MontazerI <mohamad_montazery at ...131...> 
> Cc: "snort-users at lists.sourceforge.net" <snort-users at ...3893...t> 
> Sent: Tuesday, March 19, 2013 9:21 PM
> Subject: Re: [Snort-users] problems in snort installing.
> 
> Try:
> 
> /etc/init.d/snort status
> 
> Looks like there may be an error in the docs.
> 
> 
> 
> On Mar 19, 2013, at 12:12 PM, Mohammad MontazerI <mohamad_montazery at ...7093...1...> wrote:
> 
> > Hello dear all.
> > 
> > 
> > You are getting this error because Snort thinks you are trying to issue the word "status" as a bpf.  You aren't giving Snort any arguments or commands, in fact "./snort status" doesn't do anything.
> > "snort -i eth0 -c /path/to/snort.conf -A cmg" should start Snort and make it listen on port eth0. You should see it start up and give you alerts if you have traffic on eth0
> > 
> > But I used the Snort install guide commands exactly. All commands worked fine except this part of the guide:
> > 
> > Finally, if you have SNORT working in test mode (-T option), try starting SNORT with
> > /etc/init.d/snort start  (it's not working)
> >  (you should get a running message if all is well). If there is a
> > problem, check the output in /var/log/messages for additional details as to why snort
> > failed to start.
> > Also, you can check the status of snort by issuing the command below (while still in
> > /etc/init.d):
> > ./snort status <enter> (it's not working)
> > If it's working, you should see the output below:
> > Checking for service  snort running
> > 
> > How can I find out whether Snort is working properly?
> > 
> > 
> > 
> > 
> > 
> > 
> >> Hi dear all.
> >> I asked this question and dear Waldo suggested to kill one of the Snort instances. I did it but nothing happened.
> >> Again the same error!
> >> Here again is my command line after killing the Snort instance:
> >> 
> >>  ps aux | grep snort
> >> root      3858  0.0  0.0  4172  804 pts/0    S+  13:21  0:00 grep --color=auto snort
> >> 
> >>  ./snort status
> >> Running in packet dump mode
> >> 
> >>        --== Initializing Snort ==--
> >> Initializing Output Plugins!
> >> Snort BPF option: status
> >> pcap DAQ configured to passive.
> >> Acquiring network traffic from "eth0".
> >> ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)!
> >> Fatal Error, Quitting..
> 
> 
> 
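
The two failures in this thread (a stray word parsed as a BPF filter, and "Permission denied" on the init script), as an added triage example that is not part of the original messages or of the Snort project. The function names are hypothetical and the sample output is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Snort tooling.

# Constructed sample: Snort startup output as quoted in the thread.
sample_output() {
    cat <<'EOF'
Running in packet dump mode
Initializing Output Plugins!
Snort BPF option: status
Acquiring network traffic from "eth0".
ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)!
Fatal Error, Quitting..
EOF
}

# Read Snort output on stdin. If a BPF filter was set and then failed to
# compile, print that filter text and return 0; otherwise return 1.
bpf_misparse() {
    awk '
        /^Snort BPF option: / { sub(/^Snort BPF option: /, ""); bpf = $0 }
        /Can.t set DAQ BPF filter/ { failed = 1 }
        END {
            if (failed && bpf != "") { print bpf; exit 0 }
            exit 1
        }
    '
}

# Classify an init script path as "missing", "not-executable" or "ok".
# Assumption: a missing execute bit is one common cause of the shell's
# "Permission denied" when the script is run by path.
init_script_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -x "$1" ]; then echo not-executable
    else echo ok
    fi
}

if word=$(sample_output | bpf_misparse); then
    echo "Snort took '$word' as a BPF filter, not as a command"
fi
echo "/etc/init.d/snort: $(init_script_state /etc/init.d/snort)"
```
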
