<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><div>This is my command to starrt Snort.<br><br>snort -f /usr/local/etc/snort/snort.conf -l /var/log/snort -v -i vr0</div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br>Thank you for the help<br>Robert<br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><font face="Tahoma" size="2"><hr size="1"><b><span style="font-weight: bold;">From:</span></b> Joel Esler <jesler@...1935...><br><b><span style="font-weight: bold;">To:</span></b> rob iscool <robrob2626@...131...><br><b><span style="font-weight: bold;">Cc:</span></b> snort-users@lists.sourceforge.net; Michael Scheidell <michael.scheidell@...8144...><br><b><span style="font-weight: bold;">Sent:</span></b> Wed, February 2, 2011 9:37:59 AM<br><b><span
 style="font-weight: bold;">Subject:</span></b> Re: [Snort-users] Error Starting Snort with DAQ<br></font><br>
<meta http-equiv="x-dns-prefetch-control" content="off">Looks like you are starting Snort incorrectly.<div><br></div><div>What is your full command line?<br><br><div class="gmail_quote">On Wed, Feb 2, 2011 at 12:34 PM, rob iscool <span dir="ltr"><<a rel="nofollow" ymailto="mailto:robrob2626@...131..." target="_blank" href="mailto:robrob2626@...131...">robrob2626@...131...</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Has anyone seen this error before. Im running on FreeBSD 72x86.<br>
I sorry if this has answered before.<br>
<br>
Robert<br>
<br>
========Start of Error==================<br>
#: snort -f /usr/local/etc/snort/snort.conf -l /var/log/snort -v -i vr0<br>
Running in packet dump mode<br>
<br>
        --== Initializing Snort ==--<br>
Initializing Output Plugins!<br>
Snort BPF option: /usr/local/etc/snort/snort.conf -l /var/log/snort -v -i vr0<br>
pcap DAQ configured to passive.<br>
Acquiring network traffic from "vr0".<br>
ERROR: Can't set DAQ BPF filter to '/usr/local/etc/snort/snort.conf -l<br>
/var/log/snort -v -i vr0' (pcap_daq_set_filter: pcap_compile: syntax error)!<br>
Fatal Error, Quitting..<br>
===========================<br>
<br>
======== Start of Patch =========<br>
<br>
--- os-daq-modules/daq_pcap.c.orig      2011-01-30 15:28:19.000000000 -0500<br>
+++ os-daq-modules/daq_pcap.c   2011-01-30 15:27:19.000000000 -0500<br>
@@ -216,7 +216,7 @@ static int pcap_daq_initialize(const DAQ<br>
     for (entry = config->values; entry; entry = entry->next)<br>
     {<br>
         if (!strcmp(entry->key, "buffer_size"))<br>
-            context->buffer_size = strtol(entry->key, NULL, 10);<br>
+            context->buffer_size = strtol(entry->value, NULL, 10);<br>
     }<br>
     /* Try to account for legacy PCAP_FRAMES environment variable if we weren't<br>
passed a buffer size. */<br>
     if (context->buffer_size == 0)<br>
<br>
<br>
=============================<br>
<br>
<br>
<br>
<br>
<br>
------------------------------------------------------------------------------<br>
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!<br>
Finally, a world-class log management solution at an even better price-free!<br>
Download using promo code Free_Logger_4_Dev2Dev. Offer expires<br>
February 28th, so secure your free ArcSight Logger TODAY!<br><span>
<a target="_blank" href="http://p.sf.net/sfu/arcsight-sfd2d">http://p.sf.net/sfu/arcsight-sfd2d</a></span><br>
_______________________________________________<br>
Snort-users mailing list<br>
<a rel="nofollow" ymailto="mailto:Snort-users@lists.sourceforge.net" target="_blank" href="mailto:Snort-users@lists.sourceforge.net">Snort-users@lists.sourceforge.net</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a rel="nofollow" target="_blank" href="https://lists.sourceforge.net/lists/listinfo/snort-users">https://lists.sourceforge.net/lists/listinfo/snort-users</a><br>
Snort-users list archive:<br><span>
<a target="_blank" href="http://www.geocrawler.com/redir-sf.php3?list=snort-users">http://www.geocrawler.com/redir-sf.php3?list=snort-users</a></span><br>
</blockquote></div><br><br clear="all"><br>-- <br><span>Joel Esler | 706-231-1451 | <a target="_blank" href="http://blog.snort.org">http://blog.snort.org</a> | <a target="_blank" href="http://blog.clamav.net">http://blog.clamav.net</a></span><br>
<br>
</div>
<meta http-equiv="x-dns-prefetch-control" content="on"></div></div>
</div><br>







      </body></html>