Re: Trouble with Snort --enable-inline

[Ryan Jordan <ryan.jordan () sourcefire com>]

"Not using PCAP_FRAMES" is not an error message. Snort has not hung, it just
doesn't print traffic to stdout.

The first thing to check would be your database setup. Then check your
snort.conf for an "output database" section. See doc/README.database for
examples and explanations.

On Tue, Jun 9, 2009 at 1:20 PM, Oscar Mauricio Benavidez Suarez <
obenavidez () gmail com> wrote:

> Greetings, i have installed on Debian Snort inline enabled
>
> ./configure --enable-inline --with-mysql
> and then i make and checkinstall.
>
> well everything was ok, but now when i'm on base it shows me in the main
> pag:
>
> Sensors/Total: 0 / 1
> and the traffic of the protocols is 0, how can i know if the snort is
> running properly or if the problem is with the base.
>
> i don't have any error and everything looks well
>
> and when i run snort with this statements
>
>  *snort -Q -v -c /etc/snort/snort.conf -l /var/log/snort/*
>
>
> *at the end it shows to me this*
>
>
>         --== Initialization Complete ==--
>
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.8.4.1 (Build 38) inline
>    ''''    By Martin Roesch & The Snort Team:
> http://www.snort.org/team.html
>            Copyright (C) 1998-2009 Sourcefire, Inc., et al.
>            Using PCRE version: 7.6 2008-01-28
>
>            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.10  <Build
> 16>
>            Preprocessor Object: SF_SSH  Version 1.1  <Build 1>
>            Preprocessor Object: SF_SMTP  Version 1.1  <Build 7>
>            Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 11>
>            Preprocessor Object: SF_DNS  Version 1.1  <Build 2>
>            Preprocessor Object: SF_DCERPC  Version 1.1  <Build 4>
> Not Using PCAP_FRAMES
>
>  but it looks like never leasing the traffic stay there and don't shows
> anything, well if you people of the list know something abotu this i will
> very grateful, another thing that's form my projecto in the unversity and a
> i need to show a IPS working so if you have anoter idea or a guide complete
> with the right installers and rules, please i'll appreciate it.
>
>
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users