[Snort-users] ERROR: can't find nfq DAQ

Amal Saeed amal.saeed at ...17680...
Wed Nov 30 14:51:15 EST 2016


I'm trying to run Snort in inline mode (-Q), but I kept running into this
problem, where it says can't find nfq DAQ even though I see nfq listed in
my --daq-list. I've tried troubleshooting with every source I found online,
but now I get a different error.

If I run: *snort --daq nfq -Q -c /etc/snort/snort.conf*
I get:
Log directory = /var/log/snort
ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert:
Permission denied
Fatal Error, Quitting..

If I run: *snort -T -c /etc/snort/snort.conf*
I get:
[ Number of patterns truncated to 20 bytes: 497 ]
ERROR: Active response: can't open ip!
Fatal Error, Quitting..

I have an IP address and I can ping myself/others and receive pings with no

Please advise on what I can do to resolve this, thank you!

Amal Saeed
Simmons College '17, B.S. Computer Science & Information Technology
Secretary, 2017 Class Council
Co-Vice President, Computer Science & Mathematics Liaison
Technology Assistant, *Simmons Technology Support Center*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20161130/f8cf881f/attachment.html>

More information about the Snort-users mailing list