Snort mailing list archives
Error using the -T option
From: "Mike Koponick" <mike () redhawk info>
Date: Tue, 10 Dec 2002 08:48:47 -0800
Hello all, I just added a second ethernet card to my sensor and am having an issue while running snort with the -T option. When I do run it with the -T option, I get the following error: -sh-2.05b# ./snortd test Testing Snort's ConfgurationInitializing Output Plugins! Log directory = /var/log/snort Initializing Network Interface eth0 ERROR: OpenPcap() FSM compilation failed: parse error PCAP command: eth1 Fatal Error, Quitting.. "snortd test" does the following: test) echo -n "Testing Snort's Confguration" /usr/local/bin/snort -T $INTERFACE -c $CONFIG echo ;; The interface being "eth1" which is set in the script. All worked fine when I use eth0 as my sensor card. Any suggestions? Thanks in advance, Mike Here is more info: Dec 10 08:46:28 LogServer snortd: snort shutdown succeeded Dec 10 08:46:28 LogServer kernel: eth1: Setting promiscuous mode. Dec 10 08:46:28 LogServer kernel: device eth1 entered promiscuous mode Dec 10 08:46:28 LogServer snort: Initializing daemon mode Dec 10 08:46:28 LogServer snort: PID path stat checked out ok, PID path set to /var/run/ Dec 10 08:46:29 LogServer snort: Writing PID "8459" to file "/var/run//snort_eth1.pid" Dec 10 08:46:29 LogServer snort: http_decode arguments: Dec 10 08:46:29 LogServer snort: Unicode decoding Dec 10 08:46:29 LogServer snort: IIS alternate Unicode decoding Dec 10 08:46:29 LogServer snort: IIS double encoding vuln Dec 10 08:46:29 LogServer snort: Flip backslash to slash Dec 10 08:46:29 LogServer snort: Include additional whitespace separators Dec 10 08:46:29 LogServer snort: Ports to decode http on: 80 Dec 10 08:46:29 LogServer snort: rpc_decode arguments: Dec 10 08:46:29 LogServer snort: Ports to decode RPC on: 111 32771 Dec 10 08:46:29 LogServer snort: telnet_decode arguments: Dec 10 08:46:29 LogServer snort: Ports to decode telnet on: 21 23 25 119 Dec 10 08:46:29 LogServer snort: Conversation Config: Dec 10 08:46:29 LogServer snort: KeepStats: 0 Dec 10 08:46:29 LogServer snort: Conv Count: 32000 Dec 10 08:46:29 LogServer snort: Timeout : 60 Dec 10 08:46:29 LogServer snort: Alert Odd?: 0 Dec 10 08:46:29 LogServer snort: Allowed IP Protocols: Dec 10 08:46:29 LogServer snort: All Dec 10 08:46:29 LogServer snort: Dec 10 08:46:29 LogServer snort: Portscan2 config: Dec 10 08:46:29 LogServer snort: log: /var/log/snort/scan.log Dec 10 08:46:29 LogServer snort: scanners_max: 3200 Dec 10 08:46:29 LogServer snort: targets_max: 5000 Dec 10 08:46:29 LogServer snort: target_limit: 5 Dec 10 08:46:29 LogServer snort: port_limit: 20 Dec 10 08:46:29 LogServer snort: timeout: 60 Dec 10 08:46:29 LogServer snort: WARNING: unknown output plugin: 'trap_snmp' Dec 10 08:46:29 LogServer last message repeated 3 times Dec 10 08:46:29 LogServer snort: Snort initialization completed successfully, Snort running ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: (no subject), (continued)
- Re: (no subject) Erek Adams (Oct 14)
- RE: (no subject) Bob Dehnhardt (Oct 14)
- (no subject) Nanabhay Mohamed * Group (GP) (Oct 16)
- (no subject) Kreimendahl, Chad J (Oct 22)
- (no subject) Ha Tu (Oct 27)
- Re: (no subject) Erek Adams (Oct 27)
- (no subject) Philippe Dhont (Sea-ro) (Nov 18)
- Re: (no subject) Xavi Altafulla (Nov 18)
- (no subject) counterping (Dec 10)
- Re: (no subject) Erick Mechler (Dec 10)
- Error using the -T option Mike Koponick (Dec 10)
- Re: Error using the -T option Erick Mechler (Dec 10)
- RE: Error using the -T option Mike Koponick (Dec 10)
- Re: (no subject) Erick Mechler (Dec 10)
- Re: (no subject) James-lists (Dec 12)