[Snort-users] ERROR: can't find nfq DAQ

wkitty42 at ...14940... wkitty42 at ...14940...
Thu Dec 1 09:17:58 EST 2016

On 11/30/2016 06:46 PM, Amal Saeed wrote:
> Okay, so I see nfq there, but when I run this command: *snort --daq nfq -Q -c
> /etc/snort/snort.conf *it still says permission denied.
> When I run this: *snort /usr/local/lib/daq -Q -c /etc/snort/snort.conf* it still
> says permission denied:
> Log directory = /var/log/snort
> ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied
> Fatal Error, Quitting..
> I'm really confused - it seems like everything is in place, but it still refuses
> to run.

how, exactly, are you trying to change those permissions on /var/log/snort?
what does the following command return?

   ls -la /var/log/snort

it may be that your OS is locked down as to what and who can access /var/log and 
its subdirectories... what user and group is snort running as? does that user 
have permission to read and write to /var/log/snort and files in there?

above you have a command line that you are using to start snort with... is that 
the actual snort binary or a script of the same name?

   which snort

  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

More information about the Snort-users mailing list