[Snort-users] ERROR: can't find nfq DAQ

Amal Saeed amal.saeed at ...17680...
Wed Nov 30 15:19:10 EST 2016


I'm running as a regular user.

On Wed, Nov 30, 2016 at 3:17 PM, Al Lewis (allewi) <allewi at ...589...> wrote:

> Permissions on the directory wouldn’t be something snort can control.
>
> Who are you running snort as? root? regular user?
>
>
>
> *Albert Lewis*
>
> ENGINEER.SOFTWARE ENGINEERING
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> Email: allewi at ...589...
>
> From: Amal Saeed <amal.saeed at ...17680...>
> Date: Wednesday, November 30, 2016 at 3:05 PM
> To: allewi <allewi at ...589...>
> Cc: 'snort-users' <snort-users at lists.sourceforge.net>
> Subject: Re: [Snort-users] ERROR: can't find nfq DAQ
>
> So I just ran:  *snort -i wlan0 -c /etc/snort/snort.conf -T*
> and Snort successfully validated my configuration.
>
> I've tried changing permission on my /var/log/snort directory, but it
> doesn't take the changes.
>
> On Wed, Nov 30, 2016 at 2:59 PM, Al Lewis (allewi) <allewi at ...589...>
> wrote:
>
>> The error is “ERROR: OpenAlertFile() => fopen() alert file
>> /var/log/snort/alert: *Permission denied*"
>>
>> Doesn’t look like snort can write to your logging directory.
>>
>>
>>
>>
>> *Albert Lewis*
>>
>> ENGINEER.SOFTWARE ENGINEERING
>>
>> SOURCE*fire*, Inc. now part of *Cisco*
>>
>> Email: allewi at ...589...
>>
>> From: Amal Saeed <amal.saeed at ...17680...>
>> Date: Wednesday, November 30, 2016 at 2:51 PM
>> To: 'snort-users' <snort-users at lists.sourceforge.net>
>> Subject: [Snort-users] ERROR: can't find nfq DAQ
>>
>> Hello,
>>
>> I'm trying to run Snort in inline mode (-Q), but I kept running into this
>> problem, where it says can't find nfq DAQ even though I see nfq listed in
>> my --daq-list. I've tried troubleshooting with every source I found online,
>> but now I get a different error.
>>
>> If I run: *snort --daq nfq -Q -c /etc/snort/snort.conf*
>> I get:
>> Log directory = /var/log/snort
>> ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert:
>> Permission denied
>> Fatal Error, Quitting..
>>
>> If I run: *snort -T -c /etc/snort/snort.conf*
>> I get:
>> [ Number of patterns truncated to 20 bytes: 497 ]
>> ERROR: Active response: can't open ip!
>> Fatal Error, Quitting..
>>
>> I have an IP address and I can ping myself/others and receive pings with
>> no issue.
>>
>> Please advise on what I can do to resolve this, thank you!
>>
>> --
>> Amal Saeed
>> Simmons College '17, B.S. Computer Science & Information Technology
>> Secretary, 2017 Class Council
>> Co-Vice President, Computer Science & Mathematics Liaison
>> Technology Assistant, *Simmons Technology Support Center*
>>
>
>
>
> --
> Amal Saeed
> Simmons College '17, B.S. Computer Science & Information Technology
> Secretary, 2017 Class Council
> Co-Vice President, Computer Science & Mathematics Liaison
> Technology Assistant, *Simmons Technology Support Center*
>



-- 
Amal Saeed
Simmons College '17, B.S. Computer Science & Information Technology
Secretary, 2017 Class Council
Co-Vice President, Computer Science & Mathematics Liaison
Technology Assistant, *Simmons Technology Support Center*
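
Added example (not part of the original thread and not Snort's own code): a POSIX shell pre-flight check for the condition diagnosed above, where the account starting Snort cannot open the alert file in its log directory. The function name `check_snort_logdir` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Pre-flight check for "OpenAlertFile() => fopen() ... Permission denied".
# check_snort_logdir DIR prints a diagnosis and returns:
#   0 = the current user can create or append to DIR/alert
#   1 = DIR is missing or is not a directory
#   2 = DIR exists but the current user cannot write the alert file there
check_snort_logdir() {
    dir=$1
    alert="$dir/alert"
    user=$(id -un)

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist or is not a directory"
        return 1
    fi

    # Show owner, group and mode so the mismatch with $user is visible.
    ls -ld "$dir"

    # Search (x) permission on the directory is needed to reach any file in it.
    if [ ! -x "$dir" ]; then
        echo "FAIL: $user cannot enter $dir"
        return 2
    fi

    if [ -e "$alert" ]; then
        # Existing alert file: the file itself must be writable.
        if [ ! -w "$alert" ]; then
            echo "FAIL: $user cannot write existing $alert"
            return 2
        fi
    elif [ ! -w "$dir" ]; then
        # No alert file yet: creating it needs write permission on the directory.
        echo "FAIL: $user cannot create files in $dir"
        return 2
    fi

    echo "OK: $user can write $alert"
    return 0
}

# Stand-alone use: pass the log directory as the first argument.
if [ "$#" -gt 0 ]; then
    check_snort_logdir "$1"
fi
```

Run it as the same account that starts Snort, passing the directory from the "Log directory =" line of the error output.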