[Snort-users] ERROR: can't find nfq DAQ

Amal Saeed amal.saeed at ...17680...
Wed Nov 30 17:05:16 EST 2016


When I ran it as root, it validated the configuration, just like that! But
now my nfq module is missing.

On Wed, Nov 30, 2016 at 4:15 PM, Al Lewis (allewi) <allewi at ...589...> wrote:

> Couple of things to try as a test.
>
> 1) try running it as root (for permissions).
>
> 2) create the alert file then
>
> 3) run snort without logging enabled
>
>
> When you start snort the user has to have elevated privileges. So a
> regular user may not cut it.
>
>
> See the DAQ readme:
>
> NFQ Module
> ==========
>
> NFQ is the new and improved way to process iptables packets:
>
>     ./snort --daq nfq \
>         [--daq-var device=<dev>] \
>         [--daq-var proto=<proto>] \
>         [--daq-var queue=<qid>]
>
>     <dev> ::= ip | eth0, etc; default is IP injection
>     <proto> ::= ip4 | ip6 |; default is ip4
>     <qid> ::= 0..65535; default is 0
>
> *This module can not run unprivileged so ./snort -u -g will produce a
> warning and won't change user or group.*
>
> Notes on iptables are given below.
>
>
> *Albert Lewis*
>
> ENGINEER.SOFTWARE ENGINEERING
>
> SOURCE*fire*, Inc. now part of *Cisco*
>
> Email: allewi at ...589...
>
> From: Amal Saeed <amal.saeed at ...17680...>
> Date: Wednesday, November 30, 2016 at 3:33 PM
>
> To: allewi <allewi at ...589...>
> Cc: 'snort-users' <snort-users at lists.sourceforge.net>
> Subject: Re: [Snort-users] ERROR: can't find nfq DAQ
>
> I have full permissions though (see attached)?
>
> On Wed, Nov 30, 2016 at 3:19 PM, Amal Saeed <amal.saeed at ...17680...>
> wrote:
>
>> I'm running as a regular user.
>>
>> On Wed, Nov 30, 2016 at 3:17 PM, Al Lewis (allewi) <allewi at ...589...>
>> wrote:
>>
>>> Permissions on the directory wouldn’t be something snort can control.
>>>
>>> Who are you running snort as? root? regular user?
>>>
>>>
>>> From: Amal Saeed <amal.saeed at ...17680...>
>>> Date: Wednesday, November 30, 2016 at 3:05 PM
>>> To: allewi <allewi at ...589...>
>>> Cc: 'snort-users' <snort-users at lists.sourceforge.net>
>>> Subject: Re: [Snort-users] ERROR: can't find nfq DAQ
>>>
>>> So I just ran:  *snort -i wlan0 -c /etc/snort/snort.conf -T*
>>> and Snort successfully validated my configuration.
>>>
>>> I've tried changing permission on my /var/log/snort directory, but it
>>> doesn't take the changes.
>>>
>>> On Wed, Nov 30, 2016 at 2:59 PM, Al Lewis (allewi) <allewi at ...589...>
>>> wrote:
>>>
>>>> The error is “ERROR: OpenAlertFile() => fopen() alert file
>>>> /var/log/snort/alert: *Permission denied*"
>>>>
>>>> Doesn’t look like snort can write to your logging directory.
>>>>
>>>>
>>>> From: Amal Saeed <amal.saeed at ...17680...>
>>>> Date: Wednesday, November 30, 2016 at 2:51 PM
>>>> To: 'snort-users' <snort-users at lists.sourceforge.net>
>>>> Subject: [Snort-users] ERROR: can't find nfq DAQ
>>>>
>>>> Hello,
>>>>
>>>> I'm trying to run Snort in inline mode (-Q), but I kept running into
>>>> this problem, where it says can't find nfq DAQ even though I see nfq listed
>>>> in my --daq-list. I've tried troubleshooting with every source I found
>>>> online, but now I get a different error.
>>>>
>>>> If I run: *snort --daq nfq -Q -c /etc/snort/snort.conf*
>>>> I get:
>>>> Log directory = /var/log/snort
>>>> ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert:
>>>> Permission denied
>>>> Fatal Error, Quitting..
>>>>
>>>> If I run: *snort -T -c /etc/snort/snort.conf*
>>>> I get:
>>>> [ Number of patterns truncated to 20 bytes: 497 ]
>>>> ERROR: Active response: can't open ip!
>>>> Fatal Error, Quitting..
>>>>
>>>> I have an IP address and I can ping myself/others and receive pings
>>>> with no issue.
>>>>
>>>> Please advise on what I can do to resolve this, thank you!
>>>>
>>>> --
>>>> Amal Saeed
>>>> Simmons College '17, B.S. Computer Science & Information Technology
>>>> Secretary, 2017 Class Council
>>>> Co-Vice President, Computer Science & Mathematics Liaison
>>>> Technology Assistant, *Simmons Technology Support Center*
>>>>



-- 
Amal Saeed
Simmons College '17, B.S. Computer Science & Information Technology
Secretary, 2017 Class Council
Co-Vice President, Computer Science & Mathematics Liaison
Technology Assistant, *Simmons Technology Support Center*
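
A preflight check for the three failure causes that come up in this thread (DAQ module not listed, module unable to run unprivileged, log directory not writable), added here as an example and not part of the original messages. The function names and the sample `--daq-list` text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_DAQ_LIST is constructed to
# resemble `snort --daq-list` output; it was not captured from the poster's host.
SAMPLE_DAQ_LIST='Available DAQ modules:
pcap(v3): readback live multi unpriv
nfq(v7): live inline multi
afpacket(v5): live inline multi unpriv'

# Succeeds if module $1 appears in the --daq-list text on stdin.
daq_has_module() { grep -Eq "^[[:space:]]*$1\("; }

# Prints the capability words of module $1 from --daq-list text on stdin.
daq_caps() {
    awk -v m="$1" '{ n = $1; sub(/\(.*/, "", n) }
                   n == m { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeeds if module $1 is listed with the "unpriv" capability.
daq_runs_unprivileged() { daq_caps "$1" | grep -qw unpriv; }

# Succeeds if the current user could create the alert file in directory $1.
can_write_alert() { [ -d "$1" ] && [ -w "$1" ] && [ -x "$1" ]; }

# preflight <module> <logdir> <uid>, with --daq-list text on stdin.
# Prints one verdict and returns non-zero on the first failed check.
preflight() {
    _list=$(cat)
    if ! printf '%s\n' "$_list" | daq_has_module "$1"; then
        echo "missing-daq"; return 1
    fi
    if [ "$3" -ne 0 ] &&
       ! printf '%s\n' "$_list" | daq_runs_unprivileged "$1"; then
        echo "needs-root"; return 2
    fi
    if ! can_write_alert "$2"; then
        echo "logdir-not-writable"; return 3
    fi
    echo "ok"
}

# On a real host:
#   snort --daq-list | preflight nfq /var/log/snort "$(id -u)"
```
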