Snort mailing list archives
Re: Problem starting snort
From: David López Zajara (Er_Maqui) <er_maqui () darkbolt net>
Date: Thu, 7 Jul 2011 16:30:04 +0200
Resolved.

The problem is the one referred to in this Debian bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625443

A new version of libpcap which requires a new kernel version to work.

Thanks for your help,

http://maqui.darkbolt.net/
Linux registered user ~#363219
PGP keys available at KeyServ. ID: 0x4233E9F2
We men are slaves of history

On Tue, Jul 5, 2011 at 19:03, David López Zajara (Er_Maqui) <er_maqui () darkbolt net> wrote:

> Hi,
>
> Here is the data:
>
> Debian: sid.
>
> rc snort 2.7.0-17 flexible Network Intrusion Detection System
> ii libpcap0.8 1.1.1-6 system interface for user-level packet capture
>
> Now, snort is in an inconsistent state (for dpkg) because the start fails during the configuration process and breaks the whole update.
>
> I did the installation with the apt-get package manager. The update covered snort, a new gcc, some mysql binaries and other libraries.
>
> The update covers, on the network layer, the firewall (working properly after updating it), snort (broken), netbase, but not libpcap.
>
> For installing snort, before today I used the default from the Debian package:
>
> start-stop-daemon --start --quiet --pidfile /var/run/snort_eth0.pid --exec snort -- -c /etc/snort/snort.eth0.conf -S "HOME_NET=192.168.0.0/22" -i eth0 > /dev/null
>
> Today, I've added the param -v to the configuration, but the log in /var/log/daemon.log doesn't have any more relevant information about this problem.
>
> Regards,
>
> http://maqui.darkbolt.net/
> Linux registered user ~#363219
> PGP keys available at KeyServ. ID: 0x4233E9F2
> We men are slaves of history
>
> On Tue, Jul 5, 2011 at 16:08, Nick Moore <nmoore***sourcefire.com> wrote:
>
>> David,
>>
>> Can you re-post with some more information?
>>
>> What did you update? Version of Snort, Debian, libpcap, daq?
>>
>> How did you install Snort - from source, rpm or with other code like a firewall such as pfSense?
>>
>> Command you are using to start Snort?
>>
>> Thanks!
>> Nick
>>
>> On Tue, Jul 5, 2011 at 6:44 AM, David López Zajara (Er_Maqui) <er_maqui () darkbolt net> wrote:
>>
>>> Hi,
>>>
>>> I have a Debian box with snort installed. Before updating today, I have problems starting snort:
>>>
>>> Here are the relevant lines of the start log:
>>>
>>> Jul 5 13:43:32 firewall snort[21411]: Initializing Network Interface eth0
>>> Jul 5 13:43:32 firewall snort[21411]: FATAL ERROR: OpenPcap() device eth0 open: eth0: getsockopt: Protocol not available
>>>
>>> I've tested changing the interface to eth1, 2 or 3 without a different result.
>>>
>>> Can someone help me with this problem?
>>>
>>> Thanks,
>>>
>>> http://maqui.darkbolt.net/
>>> Linux registered user ~#363219
>>> PGP keys available at KeyServ. ID: 0x4233E9F2
>>> We men are slaves of history
>>>
>>> ------------------------------------------------------------------------------
>>> All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense.
>>> http://p.sf.net/sfu/splunk-d2d-c2
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users () lists sourceforge net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>> Please see http://www.snort.org/docs for documentation
>>
>> --
>> Nick Moore, SFCE, CISSP, CISA
>> Sr. Systems Engineer
>> Voice 708-336-9041
>> Email nick.moore () sourcefire com
>> IM nickgmoore (Yahoo) nickgmoore38 (AIM)
>> ,,_
>> o" )~ Sourcefire - The Creators of Snort
>> ''''
>> www.sourcefire.com www.snort.org www.immunet.com
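A sensor that dies at startup leaves its segment unmonitored, and with the init command's output sent to /dev/null the only trace is in the daemon log. The following is an added example, not part of any poster's message: a Python check that picks Snort OpenPcap() startup failures out of syslog text and flags the getsockopt pattern this thread traced to libpcap and the kernel. The function name, field names and the third and fourth sample lines are constructed for illustration; the first two log lines are the ones quoted in the thread.

```python
import re

# Sample input: two lines from the thread plus two constructed lines.
SAMPLE_LOG = """\
Jul 5 13:43:32 firewall snort[21411]: Initializing Network Interface eth0
Jul 5 13:43:32 firewall snort[21411]: FATAL ERROR: OpenPcap() device eth0 open: eth0: getsockopt: Protocol not available
Jul 5 13:44:01 firewall cron[812]: (root) CMD (run-parts /etc/cron.hourly)
Jul 6 09:00:00 firewall snort[30]: FATAL ERROR: OpenPcap() device eth9 open: eth9: No such device exists
"""

# Classic syslog prefix: "Mon D HH:MM:SS host snort[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+"
    r"snort\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
# Shape of the OpenPcap() failure message quoted in the thread.
OPENPCAP_RE = re.compile(
    r"^FATAL ERROR: OpenPcap\(\) device (?P<dev>\S+) open:\s*(?P<detail>.*)$")


def find_capture_failures(log_text):
    """Return one dict per Snort OpenPcap() startup failure in log_text."""
    failures = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not a snort syslog line
        f = OPENPCAP_RE.match(m.group("msg"))
        if not f:
            continue  # snort line, but not a capture-open failure
        detail = f.group("detail")
        prefix = f.group("dev") + ": "  # device name is repeated in the detail
        if detail.startswith(prefix):
            detail = detail[len(prefix):]
        call, _, reason = detail.partition(": ")
        failures.append({
            "time": m.group("ts"),
            "host": m.group("host"),
            "pid": int(m.group("pid")),
            "device": f.group("dev"),
            "call": call,
            "reason": reason,
            # The thread's case: getsockopt rejected by the running kernel.
            "libpcap_kernel_suspect": (call == "getsockopt"
                                       and reason == "Protocol not available"),
        })
    return failures
```
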
Current thread:
- Problem starting snort Er_Maqui (Jul 05)
- Message not available
- Message not available
- Fwd: Problem starting snort Er_Maqui (Jul 05)
- Re: Problem starting snort Er_Maqui (Jul 07)
- Message not available
- Message not available