Snort mailing list archives
Re: Problems installing/configuring Snort on Fedora
From: Michael Brown <redcrosse () verizon net>
Date: Thu, 07 May 2015 17:34:24 -0500
Okay, I think I found the solution to at least part of my problems. In order to get Snort to run in test mode, and then production modes, I had to take the following steps. 1. Removed the username and group fields from the command and add the daq manually. The resulting command looked like this: ./snort -T -i eno1 -c /etc/snort/snort.conf —daq pcap That resulted in a successful test. 2. Added pcap to the daq portion of the config file. The resulting portion of the config file now looks like this: #Configure DAQ relad options for inline operation. For more information , see README.daq config daq: pcap The resulting test command looked like this: ./snort -T -i eno1 -c /etc/snort/snort.conf That, also, resulted in a successful test. 3. On a whim, I ran the snort -A command with sudo and that seemed to work. Adding the -L option ensured logging. The resulting command looked like: sudo ./snort -A fast -b -d -i eno1 -c /etc/snort/snort.conf -L /var/log/snort Snort is now running and logging output. I would like to be able to run Snort without typing sudo. I added the Snort user to the sudoers file, but that did not help. There is a permissions problem somewhere. Any ideas? Thanks Redcrosse
On May 7, 2015, at 12:25 PM, Joel Esler (jesler) <jesler () cisco com> wrote: You’ve specified the interface as "eno1”. Is that the correct interface on Fedora? -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Group
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Problems installing/configuring Snort on Fedora snort_user (May 07)
- Re: Problems installing/configuring Snort on Fedora Joel Esler (jesler) (May 07)
- Re: Problems installing/configuring Snort on Fedora Michael Brown (May 07)
- Re: Problems installing/configuring Snort on Fedora Michael Brown (May 07)
- Re: Problems installing/configuring Snort on Fedora Joel Esler (jesler) (May 07)
- Re: Problems installing/configuring Snort on Fedora Michael Brown (May 07)
- Re: Problems installing/configuring Snort on Fedora Y M (May 08)
- Re: Problems installing/configuring Snort on Fedora snort_user (May 08)
- Re: Problems installing/configuring Snort on Fedora Y M (May 08)
- Re: Problems installing/configuring Snort on Fedora Michael Brown (May 08)
- Re: Problems installing/configuring Snort on Fedora Joel Esler (jesler) (May 07)