Snort mailing list archives
Re: Enc: Problems to start snort 2.9
From: "Ivani A. Nascimento" <ivani_nascimento () yahoo com br>
Date: Fri, 1 Apr 2011 09:36:47 -0700 (PDT)
Hi folks.

As I said earlier, I would try to install the new rpm packages (2.9.4). I did it, but I still can't start snort. I reviewed the logs and snort.conf, but nothing. At first glance, everything is OK. Now I'm looking for problems in the OS.

Please, is anyone here running snort in a virtual environment, especially Xen, who can share their experience with me?

Thank you all.

Regards,
Ivani Nascimento

--- On Fri, 1/4/11, Ivani A. Nascimento <ivani_nascimento () yahoo com br> wrote:

From: Ivani A. Nascimento <ivani_nascimento () yahoo com br>
Subject: Re: [Snort-users] Enc: Problems to start snort 2.9
To: "Snort Users" <snort-users () lists sourceforge net>
Date: Friday, April 1, 2011, 10:38

Thanks for your answer. My machine is hosted in a Xen environment. I'm running CentOS 5.5, kernel 2.6.18-194.8.1.el5.028stab070.5. As I said, I'm a newbie with snort, so I don't know if I forgot any configuration detail. I've already installed snort in another virtual machine, but that environment was VMware and everything worked fine.

This is my interface:

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:XXX.XXX.XXX.XXX P-t-P:XXX.XXX.XXX.XXX Bcast:XXX.XXX.XXX.XXX Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

Ahn, I'm using snort 2.9.3 (I've used Vincent Cojot's rpms). I saw that there is a new version of the rpm; I'll try to update.

Thank you all.

Regards,
Ivani

--- On Thu, 31/3/11, Jason Wallace <jason.r.wallace () gmail com> wrote:

From: Jason Wallace <jason.r.wallace () gmail com>
Subject: Re: [Snort-users] Enc: Problems to start snort 2.9
To: "Ivani A. Nascimento" <ivani_nascimento () yahoo com br>
Cc: "Snort Users" <snort-users () lists sourceforge net>
Date: Thursday, March 31, 2011, 18:19

If it is a VMware virtual environment, ensure that vmware-tools is installed and the service is started, and then change the interface type of the VM to e1000. That should be supported in your kernel. Newer kernels have support for the new vmxnet3 interfaces.

... ~ # uname -a
Linux uscla1004x 2.6.36-gentoo-r5 #7 SMP Wed Feb 16 13:30:51 EST 2011 x86_64 Intel(R) Xeon(R) CPU X5650 @ 2.67GHz GenuineIntel GNU/Linux
... ~ # zcat /proc/config.gz |grep -i vmx
CONFIG_VMXNET3=y

So far they appear to be working well for packet capture.

Thx,
Wally

On Thu, Mar 31, 2011 at 3:27 PM, Ivani A. Nascimento <ivani_nascimento () yahoo com br> wrote:

Hi Russ,

Thanks for your answer. Really, I saw the post that you are mentioning, but without any answer. Well, the interface is venet0:0; it's a virtual environment. It'll be any change in the kernel? I'm using 2.6.18-194.8.1.el5.028stab070.5.

Thank you again.

--- On Thu, 31/3/11, Russ Combs <rcombs () sourcefire com> wrote:

From: Russ Combs <rcombs () sourcefire com>
Subject: Re: [Snort-users] Enc: Problems to start snort 2.9
To: "Ivani A. Nascimento" <ivani_nascimento () yahoo com br>
Cc: snort-users () lists sourceforge net
Date: Thursday, March 31, 2011, 15:21

Looks like someone posted the same error about a year ago on snort.org with 2.8.5, apparently w/o resolution.

What type of interface is it? libpcap will assume SLL for unknown types and expect the kernel to leave room to prepend the header. Appears to be making the wrong assumption.

On Thu, Mar 31, 2011 at 1:48 PM, Ivani A. Nascimento <ivani_nascimento () yahoo com br> wrote:

Hi, folks!

I'm a newbie using Snort and I have a doubt. I've googled many sites and lists, but I'm lost about a weird error. I've installed snort 2.9 but I can't start it. Looking at the logs, I've found:

Mar 31 13:45:18 snortlab snort[16294]: --== Initialization Complete ==--
Mar 31 13:45:18 snortlab snort[16294]: Commencing packet processing (pid=16294)
Mar 31 13:45:19 snortlab snort[16294]: Can't acquire (-1) - cooked-mode frame doesn't have room for sll header!
--- ---
Mar 31 13:45:50 snortlab snort[16294]: ===============================================================================
Mar 31 13:45:50 snortlab snort[16294]: ===============================================================================
Mar 31 13:45:50 snortlab snort[16294]: dcerpc2 Preprocessor Statistics
Mar 31 13:45:51 snortlab snort[16294]: Total sessions: 0
Mar 31 13:45:51 snortlab snort[16294]: ===============================================================================
Mar 31 13:45:52 snortlab snort[16294]: ===============================================================================
Mar 31 13:45:52 snortlab snort[16294]: Snort exiting

I'm using CentOS 5.5. Can anyone help me?

Thanks in advance,
Nix

------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself;
WebMatrix provides all the features you need to develop and
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
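The "sll header" named in the error quoted above is the 16-byte Linux cooked-capture (DLT_LINUX_SLL) pseudo-header that libpcap places in front of each packet when it does not use an interface's native link-layer framing. The following is an added example, not part of the original thread and not Snort or libpcap code: it decodes that header from a constructed frame and rejects a buffer too short to hold it. The sample bytes, the ARPHRD value 0xFFFF and the function name `parse_sll` are assumptions made for illustration.

```python
import struct

SLL_HDR_LEN = 16            # fixed size of the DLT_LINUX_SLL pseudo-header
SLL_FMT = "!HHH8sH"         # pkttype, ARPHRD type, addr length, addr[8], protocol

# Packet-type codes carried in the first field of the cooked header.
PKT_TYPES = {0: "to-us", 1: "broadcast", 2: "multicast",
             3: "to-other", 4: "from-us"}


def parse_sll(frame: bytes) -> dict:
    """Split a cooked-mode frame into its SLL header fields and payload."""
    if len(frame) < SLL_HDR_LEN:
        raise ValueError(
            f"frame is {len(frame)} bytes; no room for {SLL_HDR_LEN}-byte SLL header")
    pkttype, hatype, halen, addr, proto = struct.unpack(
        SLL_FMT, frame[:SLL_HDR_LEN])
    # The address field is always 8 bytes; only the first halen bytes are valid,
    # and longer link-layer addresses are truncated to 8.
    valid = addr[:min(halen, 8)]
    return {
        "packet_type": PKT_TYPES.get(pkttype, f"unknown({pkttype})"),
        "arphrd": hatype,                 # kernel ARPHRD_* type of the interface
        "link_addr": valid.hex(":") if valid else "",
        "protocol": proto,                # EtherType of the payload, e.g. 0x0800
        "payload": frame[SLL_HDR_LEN:],
    }


# Constructed sample: cooked header for an address-less interface (ARPHRD value
# 0xFFFF assumed), followed by a bare 20-byte IPv4 header 192.0.2.1 -> 192.0.2.2.
SAMPLE = (struct.pack(SLL_FMT, 0, 0xFFFF, 0, b"\x00" * 8, 0x0800)
          + bytes.fromhex("450000140000000040060000c0000201c0000202"))

if __name__ == "__main__":
    info = parse_sll(SAMPLE)
    print(info["packet_type"], hex(info["arphrd"]), hex(info["protocol"]),
          len(info["payload"]), "payload bytes")
```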
Current thread:
- Re: Enc: Problems to start snort 2.9 Ivani A. Nascimento (Apr 01)
- Re: Enc: Problems to start snort 2.9 Ivani A. Nascimento (Apr 01)
- <Possible follow-ups>
- Re: Enc: Problems to start snort 2.9 Ivani A. Nascimento (Apr 05)