Snort mailing list archives

Re: snort help


From: Nick Moore <nmoore () sourcefire com>
Date: Thu, 23 Feb 2012 04:54:17 -0600

Jagan,

I believe you need two interfaces, not just eth0 to do inline. If your
second inline interface is eth1, then try something like this:

snort -D --daq afpacket -Q -c /usr/local/snort/etc/snort.conf -i eth0:eth1 -l /var/log/snort

Please note I didn't test it yet - have to build an inline setup for that
and didn't have the time this morning. You can also try looking at some of
the snort forums. There's been lots of discussion on this:

https://forums.snort.org/forums/snort-newbies/topics/how-to-work-with-snort-ips

Happy Snorting!

Nick

On Thursday, February 23, 2012, Jagan Mohan Reddy D wrote:


$ sudo /usr/local/snort/bin/snort -de -i eth0 --daq-dir /usr/local/lib/daq -l /var/log/snort/ -c /usr/local/snort/etc/snort.conf


While using the above command I'm getting the following errors...

[ Number of patterns truncated to 20 bytes: 1041 ]
ERROR: pcap DAQ does not support inline.
Fatal Error, Quitting..

What's wrong in that command?

Here I'm attaching my snort.conf.

Can anyone please help me on this error?



----------------
thanks & regards
D J M Reddy




-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore () sourcefire com
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org     www.immunet.com
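
The two conditions discussed in this thread, written as a preflight check. This is an added example, not part of the original messages and not Snort project code. The function names `conf_value` and `check_inline_cmd` are hypothetical, and the precedence between command line and snort.conf is an assumption. It treats `-Q`, `--daq-mode inline` and `config daq_mode: inline` in snort.conf as requests for inline mode.

```shell
#!/usr/bin/env bash
# Added example: preflight check for a Snort 2.9 command line.
# Checks only the two points from this thread: the pcap DAQ cannot run
# inline, and afpacket inline needs an interface pair such as eth0:eth1.

# Read the last "config <key>: <value>" setting from a snort.conf file.
conf_value() {
    sed -n "s/^[[:space:]]*config[[:space:]][[:space:]]*$1:[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | tail -n 1
}

# Usage: check_inline_cmd <snort arguments...>
# Returns 0 if consistent, 1 for inline on pcap, 2 for afpacket inline
# without an interface pair.
check_inline_cmd() {
    local daq="" mode="" iface="" conf="" q=0 prev="" arg
    for arg in "$@"; do
        case "$prev" in
            --daq)      daq="$arg" ;;
            --daq-mode) mode="$arg" ;;
            -i)         iface="$arg" ;;
            -c)         conf="$arg" ;;
        esac
        [ "$arg" = "-Q" ] && q=1
        prev="$arg"
    done
    # Assumed precedence: command line first, then snort.conf, then defaults.
    if [ -z "$mode" ] && [ "$q" -eq 1 ]; then mode="inline"; fi
    if [ -n "$conf" ] && [ -r "$conf" ]; then
        if [ -z "$daq" ]; then daq=$(conf_value daq "$conf"); fi
        if [ -z "$mode" ]; then mode=$(conf_value daq_mode "$conf"); fi
    fi
    daq="${daq:-pcap}"; mode="${mode:-passive}"   # pcap is the default DAQ

    if [ "$mode" != "inline" ]; then
        echo "OK: $daq DAQ in $mode mode"; return 0
    fi
    if [ "$daq" = "pcap" ]; then
        echo "FAIL: inline requested but the pcap DAQ does not support inline"
        return 1
    fi
    if [ "$daq" = "afpacket" ]; then
        case "$iface" in
            ?*:?*) ;;   # looks like a pair, e.g. eth0:eth1
            *) echo "FAIL: afpacket inline needs an interface pair, got '${iface:-none}'"; return 2 ;;
        esac
    fi
    echo "OK: $daq DAQ inline on $iface"; return 0
}
```

Pass it the same arguments you would give to snort, for example `check_inline_cmd -D --daq afpacket -Q -i eth0:eth1`.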