[Snort-users] ERROR: can't find nfq DAQ

Al Lewis (allewi) allewi at ...589...
Wed Nov 30 15:17:35 EST 2016


Permissions on the directory wouldn’t be something snort can control.

Who are you running snort as? root? regular user?



Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...

From: Amal Saeed <amal.saeed at ...17680...>
Date: Wednesday, November 30, 2016 at 3:05 PM
To: allewi <allewi at ...589...>
Cc: 'snort-users' <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] ERROR: can't find nfq DAQ

So I just ran:  snort -i wlan0 -c /etc/snort/snort.conf -T
and Snort successfully validated my configuration.

I've tried changing permission on my /var/log/snort directory, but it doesn't take the changes.

On Wed, Nov 30, 2016 at 2:59 PM, Al Lewis (allewi) <allewi at ...589...> wrote:
The error is "ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied"

Doesn’t look like snort can write to your logging directory.




Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...

From: Amal Saeed <amal.saeed at ...17680...>
Date: Wednesday, November 30, 2016 at 2:51 PM
To: 'snort-users' <snort-users at lists.sourceforge.net>
Subject: [Snort-users] ERROR: can't find nfq DAQ

Hello,

I'm trying to run Snort in inline mode (-Q), but I kept running into this problem, where it says can't find nfq DAQ even though I see nfq listed in my --daq-list. I've tried troubleshooting with every source I found online, but now I get a different error.

If I run: snort --daq nfq -Q -c /etc/snort/snort.conf
I get:
Log directory = /var/log/snort
ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied
Fatal Error, Quitting..

If I run: snort -T -c /etc/snort/snort.conf
I get:
[ Number of patterns truncated to 20 bytes: 497 ]
ERROR: Active response: can't open ip!
Fatal Error, Quitting..

I have an IP address and I can ping myself/others and receive pings with no issue.

Please advise on what I can do to resolve this, thank you!

--
Amal Saeed
Simmons College '17, B.S. Computer Science & Information Technology
Secretary, 2017 Class Council
Co-Vice President, Computer Science & Mathematics Liaison
Technology Assistant, Simmons Technology Support Center



--
Amal Saeed
Simmons College '17, B.S. Computer Science & Information Technology
Secretary, 2017 Class Council
Co-Vice President, Computer Science & Mathematics Liaison
Technology Assistant, Simmons Technology Support Center
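
Added example, not part of the thread: a shell helper for the "Permission denied" on /var/log/snort/alert discussed above. It walks the path to the log directory and reports the first component whose mode bits deny the given account; the function names and the `snort` account name in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): find which path component stops an
# account from writing to a log directory. Only classic Unix mode bits are
# evaluated; ACLs and SELinux/AppArmor are not. Needs GNU stat (Linux).

# mode_allows MODE OWNER_UID OWNER_GID UID "GIDS" NEED
# NEED is a bit mask: 2 = write, 1 = traverse, 3 = create files in a directory.
mode_allows() {
    if [ "$4" -eq 0 ]; then return 0; fi          # root bypasses mode bits
    perm=$(( 0$1 ))                               # MODE is octal, e.g. 755
    if [ "$4" -eq "$2" ]; then
        bits=$(( (perm >> 6) & 7 ))               # owner class, used exclusively
    else
        bits=$(( perm & 7 ))                      # "other" unless a group matches
        for g in $5; do
            if [ "$g" -eq "$3" ]; then bits=$(( (perm >> 3) & 7 )); fi
        done
    fi
    [ $(( bits & $6 )) -eq "$6" ]
}

# check_one PATH NEED  (uses $uid and $gids set by check_log_dir)
check_one() {
    st=$(stat -c '%a %u %g' "$1" 2>/dev/null) || { echo "cannot stat $1"; return 2; }
    set -- "$1" "$2" $st
    if mode_allows "$3" "$4" "$5" "$uid" "$gids" "$2"; then return 0; fi
    echo "blocked at $1: mode $3, owner uid $4, group gid $5"
    return 1
}

# check_log_dir ABSOLUTE_DIR USER -> 0 writable, 1 blocked, 2 cannot inspect
check_log_dir() {
    dir=$1 user=$2
    uid=$(id -u "$user" 2>/dev/null) || { echo "unknown user $user"; return 2; }
    gids=$(id -G "$user")
    cur=""
    old_ifs=$IFS; IFS=/; set -- $dir; IFS=$old_ifs
    for part in "$@"; do
        if [ -z "$part" ]; then continue; fi
        cur="$cur/$part"
        check_one "$cur" 1 || return $?           # every component needs traverse
    done
    check_one "${cur:-/}" 3 || return $?          # the directory itself: write + traverse
    echo "$dir is writable by $user (uid $uid)"
}

# Usage (account name is an assumption): check_log_dir /var/log/snort snort
```

Pass the account Snort actually runs as; a result of "blocked at" names the directory whose owner, group or mode needs to change.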