[Snort-users] snort[731]: FATAL ERROR: Cannot decode data link type 113 on openvz VPS

Ajdin Lupčević ajdin at global.ba
Thu Aug 10 03:51:17 EDT 2017


Hello,

I am trying to test Snort on an OpenVZ VPS because we need to build a detection 
system for our dedicated servers for when spam is sent from our network.
When I try to start Snort with the command
snort -i venet0:0 -c /etc/snort/snort.conf -T
I find the following messages in /var/log/messages:

Aug  9 06:21:50 test snort[730]: 329 out of 1024 flowbits in use.
Aug  9 06:22:10 test snort[730]:
Aug  9 06:22:10 test snort[730]: [ Port Based Pattern Matching Memory ]
Aug  9 06:22:10 test snort[730]: +- [ Aho-Corasick Summary ] -------------------------------------
Aug  9 06:22:10 test snort[730]: | Storage Format    : Full-Q
Aug  9 06:22:10 test snort[730]: | Finite Automaton  : DFA
Aug  9 06:22:10 test snort[730]: | Alphabet Size     : 256 Chars
Aug  9 06:22:10 test snort[730]: | Sizeof State      : Variable (1,2,4 bytes)
Aug  9 06:22:10 test snort[730]: | Instances         : 235
Aug  9 06:22:10 test snort[730]: |     1 byte states : 220
Aug  9 06:22:10 test snort[730]: |     2 byte states : 15
Aug  9 06:22:10 test snort[730]: |     4 byte states : 0
Aug  9 06:22:10 test snort[730]: | Characters        : 193653
Aug  9 06:22:10 test snort[730]: | States            : 149896
Aug  9 06:22:10 test snort[730]: | Transitions       : 23056914
Aug  9 06:22:10 test snort[730]: | State Density     : 60.1%
Aug  9 06:22:10 test snort[730]: | Patterns          : 9789
Aug  9 06:22:10 test snort[730]: | Match States      : 10624
Aug  9 06:22:10 test snort[730]: | Memory (MB)       : 77.61
Aug  9 06:22:10 test snort[730]: |   Patterns        : 1.12
Aug  9 06:22:10 test snort[730]: |   Match Lists     : 2.50
Aug  9 06:22:10 test snort[730]: |   DFA
Aug  9 06:22:10 test snort[730]: |     1 byte states : 1.36
Aug  9 06:22:10 test snort[730]: |     2 byte states : 72.23
Aug  9 06:22:10 test snort[730]: |     4 byte states : 0.00
Aug  9 06:22:10 test snort[730]: +----------------------------------------------------------------
Aug  9 06:22:10 test snort[730]: [ Number of patterns truncated to 20 bytes: 545 ]
Aug  9 06:22:10 test snort[730]: pcap DAQ configured to passive.
Aug  9 06:22:10 test snort[730]: Acquiring network traffic from "venet0:0".
Aug  9 06:22:10 test snort[730]: Initializing daemon mode
Aug  9 06:22:10 test snort[731]: Daemon initialized, signaled parent pid: 730
Aug  9 06:22:10 test snort[731]: Reload thread starting...
Aug  9 06:22:10 test snort[731]: Reload thread started, thread 0x7f6927ecf700 (732)
Aug  9 06:22:10 test snort[731]: FATAL ERROR: Cannot decode data link type 113

I also need to tell you that Snort is installed via yum. How can I 
make it work on the venet0:0 interface, which is the active interface on the OpenVZ 
VPS? If you have any guide or you can explain, please let me know.

Best regards.

-- 

Ajdin Lupčević
System Administrator/Web Hosting Support

Globalhost d.o.o.
Web Hosting Solutions
Kralja Tvrtka 15 · 72290 Novi Travnik · BiH
