Snort mailing list archives
Error using the -T option
From: "Mike Koponick" <mike () redhawk info>
Date: Tue, 10 Dec 2002 08:48:47 -0800
Hello all,
I just added a second ethernet card to my sensor and am having an issue
while running snort with the -T option. When I do run it with the -T option,
I get the following error:
-sh-2.05b# ./snortd test
Testing Snort's ConfgurationInitializing Output Plugins!
Log directory = /var/log/snort
Initializing Network Interface eth0
ERROR: OpenPcap() FSM compilation failed:
parse error
PCAP command: eth1
Fatal Error, Quitting..
"snortd test" does the following:
test)
echo -n "Testing Snort's Confguration"
/usr/local/bin/snort -T $INTERFACE -c $CONFIG
echo
;;
The interface being "eth1" which is set in the script.
All worked fine when I use eth0 as my sensor card.
Any suggestions?
Thanks in advance,
Mike
Here is more info:
Dec 10 08:46:28 LogServer snortd: snort shutdown succeeded
Dec 10 08:46:28 LogServer kernel: eth1: Setting promiscuous mode.
Dec 10 08:46:28 LogServer kernel: device eth1 entered promiscuous mode
Dec 10 08:46:28 LogServer snort: Initializing daemon mode
Dec 10 08:46:28 LogServer snort: PID path stat checked out ok, PID path set
to /var/run/
Dec 10 08:46:29 LogServer snort: Writing PID "8459" to file
"/var/run//snort_eth1.pid"
Dec 10 08:46:29 LogServer snort: http_decode arguments:
Dec 10 08:46:29 LogServer snort: Unicode decoding
Dec 10 08:46:29 LogServer snort: IIS alternate Unicode decoding
Dec 10 08:46:29 LogServer snort: IIS double encoding vuln
Dec 10 08:46:29 LogServer snort: Flip backslash to slash
Dec 10 08:46:29 LogServer snort: Include additional whitespace
separators
Dec 10 08:46:29 LogServer snort: Ports to decode http on: 80
Dec 10 08:46:29 LogServer snort: rpc_decode arguments:
Dec 10 08:46:29 LogServer snort: Ports to decode RPC on: 111 32771
Dec 10 08:46:29 LogServer snort: telnet_decode arguments:
Dec 10 08:46:29 LogServer snort: Ports to decode telnet on: 21 23 25 119
Dec 10 08:46:29 LogServer snort: Conversation Config:
Dec 10 08:46:29 LogServer snort: KeepStats: 0
Dec 10 08:46:29 LogServer snort: Conv Count: 32000
Dec 10 08:46:29 LogServer snort: Timeout : 60
Dec 10 08:46:29 LogServer snort: Alert Odd?: 0
Dec 10 08:46:29 LogServer snort: Allowed IP Protocols:
Dec 10 08:46:29 LogServer snort: All
Dec 10 08:46:29 LogServer snort:
Dec 10 08:46:29 LogServer snort: Portscan2 config:
Dec 10 08:46:29 LogServer snort: log: /var/log/snort/scan.log
Dec 10 08:46:29 LogServer snort: scanners_max: 3200
Dec 10 08:46:29 LogServer snort: targets_max: 5000
Dec 10 08:46:29 LogServer snort: target_limit: 5
Dec 10 08:46:29 LogServer snort: port_limit: 20
Dec 10 08:46:29 LogServer snort: timeout: 60
Dec 10 08:46:29 LogServer snort: WARNING: unknown output plugin: 'trap_snmp'
Dec 10 08:46:29 LogServer last message repeated 3 times
Dec 10 08:46:29 LogServer snort: Snort initialization completed
successfully, Snort running
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: (no subject), (continued)
- Re: (no subject) Erek Adams (Oct 14)
- RE: (no subject) Bob Dehnhardt (Oct 14)
- (no subject) Nanabhay Mohamed * Group (GP) (Oct 16)
- (no subject) Kreimendahl, Chad J (Oct 22)
- (no subject) Ha Tu (Oct 27)
- Re: (no subject) Erek Adams (Oct 27)
- (no subject) Philippe Dhont (Sea-ro) (Nov 18)
- Re: (no subject) Xavi Altafulla (Nov 18)
- (no subject) counterping (Dec 10)
- Re: (no subject) Erick Mechler (Dec 10)
- Error using the -T option Mike Koponick (Dec 10)
- Re: Error using the -T option Erick Mechler (Dec 10)
- RE: Error using the -T option Mike Koponick (Dec 10)
- Re: (no subject) Erick Mechler (Dec 10)
- Re: (no subject) James-lists (Dec 12)