[Snort-users] Snort inline test works but Snort inline doesn't work...

Dorian ROSSE dorianbrice at hotmail.fr
Wed May 15 12:47:19 EDT 2019


I went just to push Snort -Q then :

snort -Q
Enabling inline operation
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
ERROR: pcap DAQ does not support inline.
Fatal Error, Quitting..

Now Snort inline test :

When I launch this : snort --enable-inline-test

Snort scan the networks

now try to set up NFQ but It should ready as the ./configure in daq shows :

snort --daq nfq [--daq-var device=enp5s0][--daq-var proto=ipv6][--daq-var queue=0]
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: [--daq-var device=enp5s0][--daq-var proto=ipv6][--daq-var queue=0]
nfq DAQ configured to passive.
ERROR: Can't set DAQ BPF filter to '[--daq-var device=enp5s0][--daq-var proto=ipv6][--daq-var queue=0]' (nfq_daq_set_filter: failed to compile bpf '[--daq-var device=enp5s0][--daq-var proto=ipv6][--daq-var queue=0]')!
Fatal Error, Quitting..

I installed bcc from iovisor It is a BPF programs in C… C#... C++

But for repair Snort I don’t know how to repair,

Thank you in advance to repair the snort,

Regards.


Dorian ROSSE.

Provenance : Courrier<https://go.microsoft.com/fwlink/?LinkId=550986> pour Windows 10

________________________________
De : Joel Esler (jesler) <jesler at cisco.com>
Envoyé : Wednesday, May 15, 2019 5:37:53 PM
À : Dorian ROSSE
Cc : snort-users at lists.snort.org
Objet : Re: [Snort-users] Snort inline test works but Snort inline doesn't work...

Hello Dorian,

It would help us immensely if you could provide some type of log or error that you are seeing.


--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

On May 14, 2019, at 1:44 PM, Dorian ROSSE via Snort-users <snort-users at lists.snort.org<mailto:snort-users at lists.snort.org>> wrote:

Hello everybody,


Snort inline test works but Snort inline doesn't work...

Thank you in advance to explain how to repair that,

Regards.


Dorian Rosse.

Télécharger Outlook pour Android<https://aka.ms/ghei36>

_______________________________________________
Snort-users mailing list
Snort-users at lists.snort.org<mailto:Snort-users at lists.snort.org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

To unsubscribe, send an email to:
snort-users-leave at lists.snort.org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20190515/648e513a/attachment.html>


More information about the Snort-users mailing list