Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ERROR: OpenPcap() FSM compilation failed:

From: hadi tounsi <hdtounsi () gmail com>
Date: Sun, 27 Feb 2011 10:04:08 +0000
thank you very much to accept help me to resolve the problem ,


in first  when i start snort like service in  /etc/init.d/snort start   it
work properly  , but when  try to start sent event from  snort installed in
windows platform (windows server 2003 ) to linux platform  and i
reconfigure  snort.conf like :

output database: alert, mysql , user=root password=xxxxxxxxx dbname=snort
host=192.168.0.20 logfile=fast_alert.log
output database: log, mysql  , user=root password=xxxxxxxxxx dbname=snort
host=192.168.0.20 logfile=fast_log.log


c:\python27\python.exe ossim-agent -v -c c:\snort\etc\ossim\agent\config.cfg

but when i try to connect to server  ,established successful , but after
when i try to restart snort service it been message if error :
No snort instance found to be stopped! failed!

the command using  : snort -c /etc/snort/snort.conf -l /var/log/snort/ -i 1
but when i use the command : snort -c /etc/snort/snort.conf -l
/var/log/snort/ -i eth0  it work  ,and   it sent event snort in
/var/log/snort/  without  Using PCAP_FRAMES

the version of my  system  is : Debian GNU/Linux 5.0 \n \l


best regard     hadi tounsi

security network

2011/2/25 Nick Moore <nmoore () sourcefire com>


Hadi,

I'm not sure what distro you are using nor if you compiled from scratch,
but here are some things I would check:

- Is daq properly compiled and installed?

- Do you have all the proper pcap libraries installed in place where snort
can find them?

- What command are you using to start snort?

In order to provide better help, we would need to kmow your llinux version,
your snort startup command, any set up guides you used....

Please lst us know.

Sent from my mobile

Nick Moore

On Feb 24, 2011 9:50 PM, "hadi tounsi" <hdtounsi () gmail com> wrote:

hello , i try to restat snort but it showing the following message :


*** interface device lookup found: eth0
***

Initializing Network Interface eth0
ERROR: OpenPcap() FSM compilation failed:
        syntax error
PCAP command: restart




please help me to get solution for the problem


regards hadi tounsi

security network


------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in
Real-Time with Splunk. Collect, index and harness all the fast moving IT
data
generated by your applications, servers and devices whether physical,
virtual
or in the cloud. Deliver compliance at lower cost and gain new business
insights. http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: