[Snort-users] Snort++ Build 239

Jim Campbell jim at w4bqp.net
Thu Aug 24 14:27:47 EDT 2017


I installed the latest release of Snort++ (Version 3.0.0 (Build 239) 
from 2.9.8-383) and am having problems.

If I run the following from the command line it runs well and outputs to 
the unified2 file:

"sudo /opt/snort/bin/snort -Q -c /opt/snort/etc/snort/snort.lua --daq afpacket -i enp1s0:enp4s0 -u snort -g snort --plugin-path /opt/snort/lib/snort_extra -l /var/log/snort -A unified2"

Note: The pointer to the Rules file is included in the configuration file.

However, if I attempt to run Snort as a Service with essentially the 
same command line it fails. Following is the pertinent part of the 
systemd file:

[Service]
# Type=simple
# root needed for nfq inline
User=root
Group=snort
Environment=LUA_PATH=/opt/snort/include/snort/lua/?.lua
Environment=SNORT_LUA_PATH=/opt/snort/etc/snort
ExecStart=/opt/snort/bin/snort -Q -c /opt/snort/etc/snort/snort.lua -u snort -g snort --daq afpacket -i enp1s0:enp4s0 --plugin-path /opt/snort/lib/snort_extra -l /var/log/snort -A unified2

Following is the pertinent portion of the output from "systemctl status 
snort":

jim at jim-IPS:~$ systemctl status snort
● snort.service - Snort NIPS 3 Daemon
    Loaded: loaded (/lib/systemd/system/snort.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Thu 2017-08-24 13:53:54 EDT; 7s ago
   Process: 18527 ExecStart=/opt/snort/bin/snort -Q -q -c /opt/snort/etc/snort/snort.lua -u snort -g snort --daq afpacket -i enp1s0:enp4s0 --plugin-path /opt/snort/lib/snort_extra -l /var/log/snort -A unified2 (code=exited, status=1/FAILURE)
  Main PID: 18527 (code=exited, status=1/FAILURE)

Aug 24 13:53:49 jim-IPS systemd[1]: Started Snort NIPS 3 Daemon.
Aug 24 13:53:54 jim-IPS snort[18527]: ERROR: Can not initgroups(snort,-1)
Aug 24 13:53:54 jim-IPS snort[18527]: FATAL: see prior 1 errors (0 warnings)
Aug 24 13:53:54 jim-IPS snort[18527]: Fatal Error, Quitting..

Thanks,

Jim Campbell

-- 
"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin



