[Snort-users] ERROR: can't find nfq DAQ

Amal Saeed amal.saeed at ...17680...
Wed Nov 30 15:33:41 EST 2016


I have full permissions though (see attached)?

On Wed, Nov 30, 2016 at 3:19 PM, Amal Saeed <amal.saeed at ...17680...> wrote:

> I'm running as a regular user.
>
> On Wed, Nov 30, 2016 at 3:17 PM, Al Lewis (allewi) <allewi at ...589...>
> wrote:
>
>> Permissions on the directory wouldn’t be something snort can control.
>>
>> Who are you running snort as? root? regular user?
>>
>>
>>
>> *Albert Lewis*
>>
>> ENGINEER.SOFTWARE ENGINEERING
>>
>> SOURCE*fire*, Inc. now part of *Cisco*
>>
>> Email: allewi at ...589...
>>
>> From: Amal Saeed <amal.saeed at ...17680...>
>> Date: Wednesday, November 30, 2016 at 3:05 PM
>> To: allewi <allewi at ...589...>
>> Cc: 'snort-users' <snort-users at lists.sourceforge.net>
>> Subject: Re: [Snort-users] ERROR: can't find nfq DAQ
>>
>> So I just ran:  *snort -i wlan0 -c /etc/snort/snort.conf -T*
>> and Snort successfully validated my configuration.
>>
>> I've tried changing permission on my /var/log/snort directory, but it
>> doesn't take the changes.
>>
>> On Wed, Nov 30, 2016 at 2:59 PM, Al Lewis (allewi) <allewi at ...589...>
>> wrote:
>>
>>> The error is “ERROR: OpenAlertFile() => fopen() alert file
>>> /var/log/snort/alert: *Permission denied*"
>>>
>>> Doesn’t look like snort can write to your logging directory.
>>>
>>>
>>>
>>>
>>> *Albert Lewis*
>>>
>>> ENGINEER.SOFTWARE ENGINEERING
>>>
>>> SOURCE*fire*, Inc. now part of *Cisco*
>>>
>>> Email: allewi at ...589...
>>>
>>> From: Amal Saeed <amal.saeed at ...17680...>
>>> Date: Wednesday, November 30, 2016 at 2:51 PM
>>> To: 'snort-users' <snort-users at lists.sourceforge.net>
>>> Subject: [Snort-users] ERROR: can't find nfq DAQ
>>>
>>> Hello,
>>>
>>> I'm trying to run Snort in inline mode (-Q), but I kept running into
>>> this problem, where it says can't find nfq DAQ even though I see nfq listed
>>> in my --daq-list. I've tried troubleshooting with every source I found
>>> online, but now I get a different error.
>>>
>>> If I run: *snort --daq nfq -Q -c /etc/snort/snort.conf*
>>> I get:
>>> Log directory = /var/log/snort
>>> ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert:
>>> Permission denied
>>> Fatal Error, Quitting..
>>>
>>> If I run: *snort -T -c /etc/snort/snort.conf*
>>> I get:
>>> [ Number of patterns truncated to 20 bytes: 497 ]
>>> ERROR: Active response: can't open ip!
>>> Fatal Error, Quitting..
>>>
>>> I have an IP address and I can ping myself/others and receive pings with
>>> no issue.
>>>
>>> Please advise on what I can do to resolve this, thank you!
>>>
>>> --
>>> Amal Saeed
>>> Simmons College '17, B.S. Computer Science & Information Technology
>>> Secretary, 2017 Class Council
>>> Co-Vice President, Computer Science & Mathematics Liaison
>>> Technology Assistant, *Simmons Technology Support Center*
>>>
>>
>>
>>
>> --
>> Amal Saeed
>> Simmons College '17, B.S. Computer Science & Information Technology
>> Secretary, 2017 Class Council
>> Co-Vice President, Computer Science & Mathematics Liaison
>> Technology Assistant, *Simmons Technology Support Center*
>>
>
>
>
> --
> Amal Saeed
> Simmons College '17, B.S. Computer Science & Information Technology
> Secretary, 2017 Class Council
> Co-Vice President, Computer Science & Mathematics Liaison
> Technology Assistant, *Simmons Technology Support Center*
>



-- 
Amal Saeed
Simmons College '17, B.S. Computer Science & Information Technology
Secretary, 2017 Class Council
Co-Vice President, Computer Science & Mathematics Liaison
Technology Assistant, *Simmons Technology Support Center*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20161130/10cc34f9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-11-30 at 3.26.34 PM.png
Type: image/png
Size: 35877 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20161130/10cc34f9/attachment.png>


More information about the Snort-users mailing list