[Snort-users] ERROR: can't find nfq DAQ

Al Lewis (allewi) allewi at ...589...
Wed Nov 30 14:59:53 EST 2016


The error is “ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied"

Doesn’t look like snort can write to your logging directory.




Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...<mailto:allewi at ...589...>

From: Amal Saeed <amal.saeed at ...17680...<mailto:amal.saeed at ...17680...>>
Date: Wednesday, November 30, 2016 at 2:51 PM
To: 'snort-users' <snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>>
Subject: [Snort-users] ERROR: can't find nfq DAQ

Hello,

I'm trying to run Snort in inline mode (-Q), but I kept running into this problem, where it says can't find nfq DAQ even though I see nfq listed in my --daq-list. I've tried troubleshooting with every source I found online, but now I get a different error.

If I run: snort --daq nfq -Q -c /etc/snort/snort.conf
I get:
Log directory = /var/log/snort
ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied
Fatal Error, Quitting..

If I run: snort -T -c /etc/snort/snort.conf
I get:
[ Number of patterns truncated to 20 bytes: 497 ]
ERROR: Active response: can't open ip!
Fatal Error, Quitting..

I have an IP address and I can ping myself/others and receive pings with no issue.

Please advise on what I can do to resolve this, thank you!

--
Amal Saeed
Simmons College '17, B.S. Computer Science & Information Technology
Secretary, 2017 Class Council
Co-Vice President, Computer Science & Mathematics Liaison
Technology Assistant, Simmons Technology Support Center
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20161130/20f28db8/attachment.html>


More information about the Snort-users mailing list