Snort mailing list archives

Re: problems in snort installing.


From: Joel Esler <jesler () sourcefire com>
Date: Tue, 19 Mar 2013 13:05:16 -0400

Moving conversation back on list.  Please keep it on list.

If you run "snort -c /path/to/snort.conf -i eth0"  what happens?


On Mar 19, 2013, at 1:03 PM, Mohammad MontazerI <mohamad_montazery () yahoo com> wrote:

I tried it:

linux-s211:/usr/sbin # /etc/init.d/snort status
bash: /etc/init.d/snort: Permission denied



From: Joel Esler <jesler () sourcefire com>
To: Mohammad MontazerI <mohamad_montazery () yahoo com> 
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net> 
Sent: Tuesday, March 19, 2013 9:21 PM
Subject: Re: [Snort-users] problems in snort installing.

Try:

/etc/init.d/snort status

Looks like there may be an error in the docs.



On Mar 19, 2013, at 12:12 PM, Mohammad MontazerI <mohamad_montazery () yahoo com> wrote:

Hello dear all.


You are getting this error because Snort thinks you are trying to issue the word "status" as a bpf.  You aren't 
giving Snort any arguments or commands, in fact "./snort status" doesn't do anything.
"snort -i eth0 -c /path/to/snort.conf -A cmg" should start Snort and make it listen on port eth0. You should see it 
start up and give you alerts if you have traffic on eth0

But I used exactly the Snort install guide commands. All commands worked fine except this part of the guide:

Finally, if you have SNORT working in test mode (-T option), try starting SNORT with
/etc/init.d/snort start  (it's not working)
 (you should get a running message if all is well). If there is a
problem, check the output in /var/log/messages for additional details as to why snort
failed to start.
Also, you can check the status of snort by issuing the command below (while still in
/etc/init.d):
./snort status <enter> (it's not working)
If it's working, you should see the output below:
Checking for service  snort running

How can I find out whether Snort is working properly?






Hi dear all.
I asked this question and dear Waldo suggested killing one of the Snort instances. I did it but nothing happened.
Again, the same error!
Here again is my command line after killing the Snort instance:

 ps aux | grep snort
root      3858  0.0  0.0  4172  804 pts/0    S+  13:21  0:00 grep --color=auto snort

 ./snort status
Running in packet dump mode

       --== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: status
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)!
Fatal Error, Quitting..




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
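
The two failures in this thread ("Permission denied" on the init script, and "status" being compiled as a BPF filter) both come down to which file the command actually ran. The script below is an added example, not part of the thread or of the Snort install guide; its function names are hypothetical and /usr/sbin/snort is an assumed binary location taken from the shell prompt shown above.

```shell
#!/bin/sh
# Added example: work out what "<path> status" will do before running it.
# Function names are hypothetical; /usr/sbin/snort is an assumed binary path.

# Print one of: missing | init-script | binary | unknown
snort_path_kind() (
    path=$1
    [ -f "$path" ] || { echo missing; return 0; }
    # Read the first four bytes as hex: "#!" = 23 21, ELF magic = 7f 45 4c 46.
    magic=$(od -An -tx1 -N4 "$path" | tr -d ' \n')
    case $magic in
        2321*)    echo init-script ;;
        7f454c46) echo binary ;;
        *)        echo unknown ;;
    esac
)

# Describe the outcome of "<path> status" for the two failures in this thread.
explain_status_call() (
    path=$1
    kind=$(snort_path_kind "$path")
    case $kind in
        init-script)
            if [ -x "$path" ]; then
                echo "ok: 'status' is passed to the init script"
            else
                # Matches "bash: /etc/init.d/snort: Permission denied".
                echo "not-executable: use 'sh $path status' or 'chmod +x $path'"
            fi ;;
        binary)
            # Matches "Snort BPF option: status" and the pcap_compile error.
            echo "wrong-target: Snort binary, 'status' is parsed as a BPF filter" ;;
        *)
            echo "$kind: nothing usable at $path" ;;
    esac
)

# Check the init script path from the thread and the assumed binary location.
for p in /etc/init.d/snort /usr/sbin/snort; do
    printf '%s -> %s\n' "$p" "$(explain_status_call "$p")"
done
```

Once the init script runs, `snort -T -c /path/to/snort.conf` (the test mode the guide mentions) validates the configuration, and `ps aux | grep snort` shows whether a Snort process is actually up.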



