Snort mailing list archives
Re: Snort-devel Digest, Vol 114, Issue 2
From: rahul yadav <cseyadav () gmail com>
Date: Mon, 18 Jan 2016 05:43:36 -0500
This message comes when the log (pcap) file is not in standard TCPDUMP log format, which is printed by matching the magic number present in the header of the file. Try reading the same file with tcpdump instead of snort. The snort log is not a standard pcap file format, so it is neither an error with snort nor with the log file, as far as I know.

Thanks,
Rahul

Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
pcap DAQ configured to read-file.
ERROR: Can't initialize DAQ pcap (-1) - bad dump file format
Fatal Error, Quitting..
On Fri, Jan 15, 2016 at 5:00 AM, <snort-devel-request () lists sourceforge net> wrote:
Today's Topics:
1. Fwd: Error in log file of Snort (Ajay Khadpe)

Message: 1
Date: Fri, 15 Jan 2016 15:30:30 +0530
From: Ajay Khadpe <khadpeajay797 () gmail com>
Subject: [Snort-devel] Fwd: Error in log file of Snort
To: snort-devel () lists sourceforge net
Message-ID: <CAFWxWd69HyvLo8uaMfkj24rdB6s8R74QrRvPAVsciaXFS9R3hw () mail gmail com>
Content-Type: text/plain; charset="utf-8"

Hi,

I have configured snort in inline mode with DAQ as NFq. I am able to drop packets also. But the logs that are generated are showing an error. Following is a sample of the error:

snort -r /var/log/snort/snort.log.1294747044
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
pcap DAQ configured to read-file.
ERROR: Can't initialize DAQ pcap (-1) - bad dump file format
Fatal Error, Quitting..

Please see the attached configuration file and tell me how I can avoid this error.

-- Thanks & Regards Khadpe Ajay JS

-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort.conf
Type: application/octet-stream
Size: 28315 bytes
Desc: not available

End of Snort-devel Digest, Vol 114, Issue 2
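The magic-number test mentioned in the reply can be checked by hand before passing a file to `snort -r`. The following Python sketch is an added example, not part of the original messages or of Snort; the function names are hypothetical and the sample headers in the usage are constructed. It classifies a file by its first bytes using the published pcap and pcapng magic values.

```python
import struct
import sys

# Magic values of the classic pcap savefile format (first 4 bytes of the file).
PCAP_MAGICS = {
    0xA1B2C3D4: "microsecond",
    0xA1B23C4D: "nanosecond",
}
# pcapng files start with a Section Header Block; its type reads the same
# in either byte order.
PCAPNG_BLOCK_TYPE = 0x0A0D0D0A


def classify_header(data: bytes) -> dict:
    """Classify the leading bytes of a capture file by magic number."""
    if len(data) < 4:
        return {"format": "unknown", "reason": "fewer than 4 bytes"}
    if struct.unpack(">I", data[:4])[0] == PCAPNG_BLOCK_TYPE:
        return {"format": "pcapng"}
    # The writer's byte order is unknown, so try both interpretations.
    for prefix, order in (("<", "little"), (">", "big")):
        magic = struct.unpack(prefix + "I", data[:4])[0]
        if magic not in PCAP_MAGICS:
            continue
        info = {"format": "pcap", "byte_order": order,
                "timestamps": PCAP_MAGICS[magic]}
        if len(data) >= 24:
            # 24-byte global header: magic, version, zone, sigfigs, snaplen, linktype
            _, major, minor, _, _, snaplen, linktype = struct.unpack(
                prefix + "IHHiIII", data[:24])
            info.update(version=(major, minor), snaplen=snaplen,
                        linktype=linktype)
        else:
            info["reason"] = "global header truncated"
        return info
    return {"format": "unknown",
            "reason": "magic %s is not pcap or pcapng" % data[:4].hex()}


def classify_file(path: str) -> dict:
    """Read only the first 24 bytes of a file and classify them."""
    with open(path, "rb") as handle:
        return classify_header(handle.read(24))


if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(name, classify_file(name))
```

A result of `unknown` means a reader that identifies dump files by these magic values will reject the file, whatever wrote it.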