[Snort-users] Snort 2.9.7.2

Stephen Gantz stephen.gantz at ...16854...
Mon Mar 16 11:54:38 EDT 2015


Ethan,



I have seen this error occur frequently with Snort on Windows, but not
always with a clearly identified cause. Can you confirm that the pcap
output plugin (where log_tcpdump is referenced in snort.conf) is disabled
(that is, commented out)? In addition to ensuring that the line “output
log_tcpdump: tcpdump.log” is commented out (in Step #6 of snort.conf), I
would recommend also including a log directory at the end of Step #2 (a
typical entry would be “config logdir: c:\Snort\log”). Some users have
reported fixing this error by declaring the log directory in the Snort
startup command, with “-l c:\Snort\log” (the command line option there is a
lowercase L, if that’s not clear in this font).



Regards,

Steve



*From:* Ethan Hunt [mailto:ethan.e007mi2 at ...11827...]
*Sent:* Sunday, March 15, 2015 9:51 PM
*To:* snort-users at lists.sourceforge.net
*Subject:* [Snort-users] Snort 2.9.7.2



I'm running Win7 with snort 2.9.7.2 and got this error

the daq version does not support reload.
ERROR: log_tcpdump: Failed to open log file "log/snort.log.1426468125
<snort-users at lists.sourceforge.net>

How to i fix this?

Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150316/71f3387e/attachment.html>


More information about the Snort-users mailing list