Snort mailing list archives
RE: Starting Snort Errors-Fedora3
From: "Patrick Harper" <patrick () internetsecurityguru com>
Date: Fri, 11 Mar 2005 04:23:50 -0600
Some stuff changed between the fc2 for 2.2.0 doc and the fc3 for 2.3.0 doc to accommodate changes in the snort tarball. I would suggest going using the new doc. Also I am assuming you are wanting to log to a database at some point right? Or do you just want to dump raw logs? The default logs dir is /var/log/snort, have you tried letting it log there? Or you will need the -l and no . Patrick S. Harper | CISSP RHCT MCSE www.internetsecurityguru.com -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Mark Sargent Sent: Friday, March 11, 2005 1:57 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Starting Snort Errors-Fedora3 Hi All, am a Linux user, Fedora3. Rather new to it, and snort as well. I have installed snort and have apache/mysql running. Am following the tutorial for FC2 from Patrick S. Harper. I just tried starting snort and got the following, [root@localhost snort]# snort -i 192.168.0.12 -dev ./var/logs/snortlogs/snort Running in packet dump mode Initializing Network Interface 192.168.0.12 ERROR: OpenPcap() device 192.168.0.12 open: ioctl: No such device Fatal Error, Quitting.. I'm running 2 nics, one for external and one for internal. I want snort to watch the internal, 192.168.0.12 on eth0. I feel perhaps I haven't installed something snort is dependant on, yes,..? I tried a few times, with some differences in the command, [root@localhost ~]# snort -i eth0 -dev ./var/logs/snortlogs/snort Running in packet dump mode Initializing Network Interface eth0 ERROR: OpenPcap() FSM compilation failed: illegal char '.' PCAP command: ./var/logs/snortlogs/snort Fatal Error, Quitting.. [root@localhost ~]# snort -i eth0 -dev /var/logs/snortlogs/snort Running in packet dump mode Initializing Network Interface eth0 ERROR: OpenPcap() FSM compilation failed: syntax error PCAP command: /var/logs/snortlogs/snort Fatal Error, Quitting.. Little lost. Can someone direct to where I should be.? Cheers. Mark Sargent. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Starting Snort Errors-Fedora3 Mark Sargent (Mar 10)
- Re: Starting Snort Errors-Fedora3 James Riden (Mar 11)
- RE: Starting Snort Errors-Fedora3 Patrick Harper (Mar 11)
- Re: Starting Snort Errors-Fedora3 Paul Schmehl (Mar 11)
- <Possible follow-ups>
- RE: Starting Snort Errors-Fedora3 Michael Graybill (Mar 21)