[Snort-users] Snort++ Build 239
jim at w4bqp.net
Thu Aug 24 14:27:47 EDT 2017
I installed the latest release of Snort++ (Version 3.0.0 (Build 239)
from 2.9.8-383) and am having problems.
If I run the following from the command line it runs well and outputs to
the unified2 file:
" sudo /opt/snort/bin/snort -Q -c /opt/snort/etc/snort/snort.lua --daq
afpacket -i enp1s0:enp4s0 -u snort -g snort --plugin-path
/opt/snort/lib/snort_extra -l /var/log/snort -A unified2"
Note: The pointer to the Rules file is included in the configuration file.
However, if I attempt to run Snort as a Service with essentially the
same command line it fails. Following is the pertinent part of the
# root needed for nfq inline
ExecStart=/opt/snort/bin/snort -Q -c /opt/snort/etc/snort/snort.lua -u
snort -g snort --daq afpacket -i enp1s0:enp4s0 --plugin-path
/opt/snort/lib/snort_extra -l /var/log/snort -A unified2
Following is the pertinent portion of the output from "systemctl status
jim@jim-IPS:~$ systemctl status snort
● snort.service - Snort NIPS 3 Daemon
Loaded: loaded (/lib/systemd/system/snort.service; enabled; vendor
Active: failed (Result: exit-code) since Thu 2017-08-24 13:53:54
EDT; 7s ago
Process: 18527 ExecStart=/opt/snort/bin/snort -Q -q -c
/opt/snort/etc/snort/snort.lua -u snort -g snort --daq afpacket -i
enp1s0:enp4s0 --plugin-path /opt/snort/lib/snort_extra -l /var/log/snort
-A unified2 (code=exited, status=1/FAILURE)
Main PID: 18527 (code=exited, status=1/FAILURE)
Aug 24 13:53:49 jim-IPS systemd: Started Snort NIPS 3 Daemon.
Aug 24 13:53:54 jim-IPS snort: ERROR: Can not initgroups(snort,-1)
Aug 24 13:53:54 jim-IPS snort: FATAL: see prior 1 errors (0 warnings)
Aug 24 13:53:54 jim-IPS snort: Fatal Error, Quitting..
"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin