Snort mailing list archives
Re: Snort log is blank
From: Michael Iaconianni <michael.iaconianni () iaspecialists com>
Date: Tue, 2 Aug 2016 18:08:13 +0000
Thank you for getting back to me. Attached is my snort.conf file. And yes, traffic is coming into the device. IP tables are also set up correctly. I can also run snort in other modes.

From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Tuesday, August 2, 2016 at 1:36 PM
To: Michael Iaconianni <michael.iaconianni () iaspecialists com>, "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort log is blank

Hello,

Do you have the config to share? If not..

1) are you able to run snort in another mode? (i.e. afpacket, dump etc).
2) is there traffic coming into the device?
3) is iptables set up correctly? (since you are using nfq) see the daq readme.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Michael Iaconianni <michael.iaconianni () iaspecialists com>
Date: Tuesday, August 2, 2016 at 12:59 PM
To: 'snort-users' <snort-users () lists sourceforge net>
Subject: [Snort-users] Snort log is blank

Hello,

I’m trying to run snort as an IDS. I use the following command to run snort:

snort -Q --daq nfq --daq-var device=br-lan --daq-var queue=1 -c /etc/snort/snort.conf -l log/ -D

However, when I check the log it is blank. When I try to read it with snort -r <logname> I get the following output:

Error can’t initialize DAQ cap (-1) - truncated dump file; tried to read 4 file header bytes, only got 0.

I’m guessing there's a problem with my config file. Any help would be greatly appreciated!

Thank you,
Mike
Attachment:
snort.conf
Description: snort.conf
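A small triage script for the situation in this thread, added here as an example and not part of the original messages or of Snort: it classifies the file that "snort -r" rejected (empty, a real libpcap header in any of the four magic variants, or something else) and checks whether an iptables rule actually hands packets to the NFQUEUE number snort was started with. Queue number 1 and the log/ path come from the original command line; the script and function names are assumptions.

```shell
#!/bin/sh
# Added triage helper for a blank Snort log under the nfq DAQ (example code,
# not from the thread). Queue number 1 and -l log/ come from the original
# command line; file and function names here are assumptions.

# Classify the file that "snort -r" rejected. Returns 0 for a libpcap header
# (either byte order, usec or nsec timestamps), 1 for a missing/empty file,
# 2 for data that is not libpcap at all.
pcap_header_state() {
    [ -s "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) return 0 ;;
        *) return 2 ;;
    esac
}

# One-line verdict; the "only got 0" error quoted in the thread is the EMPTY case.
log_verdict() {
    rc=0
    pcap_header_state "$1" || rc=$?
    case "$rc" in
        0) echo "PCAP: header present, snort did write a capture; check rules and alerts" ;;
        1) echo "EMPTY: no bytes written; no packet reached the DAQ or logging never triggered" ;;
        *) echo "NOTPCAP: not a libpcap file (alert text file? wrong path?)" ;;
    esac
}

# Does iptables hand packets to the queue snort listens on? Returns 0 if a
# rule targets NFQUEUE with that queue number, 1 if none is listed, 2 if
# iptables is unavailable (listing rules needs root).
nfqueue_rule_present() {
    queue="${1:-1}"
    command -v iptables >/dev/null 2>&1 || return 2
    iptables -S 2>/dev/null | grep -q -- "-j NFQUEUE --queue-num $queue"
}

# Usage: sh check_nfq_log.sh log/<logname> [queue-num]
if [ -n "$1" ]; then
    log_verdict "$1"
    if nfqueue_rule_present "${2:-1}"; then
        echo "NFQUEUE rule for queue ${2:-1} found"
    else
        echo "no NFQUEUE rule for queue ${2:-1} seen (or cannot list iptables rules)"
    fi
fi
```

An EMPTY verdict combined with a missing NFQUEUE rule points at the iptables side rather than snort.conf, which is the third of Al's questions above.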