Snort mailing list archives
Re: PF_RING and DAQ compile (0.6.2, and 2.0.0)
From: Avery Rozar <Avery.Rozar () i-techsupport com>
Date: Thu, 27 Jun 2013 17:22:25 +0000
In the /etc/sysconfig/snort file. To my knowledge the DAQ can not use a
bridge interface, just binding the two together. That’s how afpacket is
working for me anyway. It just errors out when trying to use pfring.
#### General Configuration
# Inline? Set to 1 if yes: Else, set to 0
QUEUE=1
# What interface should snort listen on? [Pick only 1 of the next 3!]
# This is -i {interface} on the command line
# This is the snort.conf config interface: {interface} directive
INTERFACE=eth2:eth3
On 6/27/13 1:05 PM, "waldo kitty" <wkitty42 () windstream net> wrote:
On 6/27/2013 12:51, Avery Rozar wrote:The original error was on a KVM VM. I was using eth1:eth2 and got that error. I moved it to the host, and am now using eth2:eth3 and got the same error but it did state "eth2". I just copied the original error for the post, that¹s why eth1 is in it. No matter what interface I use, I get the same error.ahhh... you are bridging eth2 and eth3?? doesn't that create another interface? br1 or such? where and how are you specifying this eth2:eth3??On 6/27/13 12:04 PM, "waldo kitty"<wkitty42 () windstream net> wrote:On 6/27/2013 11:02, Avery Rozar wrote:Thank you for your answer Tim, I can only assume that you answered my first question on the Meteflows group. I'm getting an error "FATAL ERROR: Can't start DAQ (-1) - pfring_open(): unable to open device 'eth1'. Pleaseeth1...use -i<device>!" when I try to start snort using pfring. I thought maybe is was due to the DAQ compile error. I moved snort off the VM, and on the physical host, and disabled selinux. I still get the same error. Would it be due to the default bnx2 driver, or pfring license issue? Any help is greatly appreciated. ethtool -i eth2eth2... not the same as above... why? ;)-- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. -------------------------------------------------------------------------- ---- This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- PF_RING and DAQ compile (0.6.2, and 2.0.0) Avery Rozar (Jun 26)
- Re: PF_RING and DAQ compile (0.6.2, and 2.0.0) Tim Covel (Jun 26)
- Re: PF_RING and DAQ compile (0.6.2, and 2.0.0) Avery Rozar (Jun 27)
- Re: PF_RING and DAQ compile (0.6.2, and 2.0.0) waldo kitty (Jun 27)
- Re: PF_RING and DAQ compile (0.6.2, and 2.0.0) Avery Rozar (Jun 27)
- Re: PF_RING and DAQ compile (0.6.2, and 2.0.0) waldo kitty (Jun 27)
- Re: PF_RING and DAQ compile (0.6.2, and 2.0.0) Avery Rozar (Jun 27)
- Re: PF_RING and DAQ compile (0.6.2, and 2.0.0) Avery Rozar (Jun 27)
- Re: PF_RING and DAQ compile (0.6.2, and 2.0.0) Tim Covel (Jun 26)