Snort mailing list archives

Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting..

From: Peter Bates <peter.bates () ucl ac uk>
Date: Thu, 10 Oct 2013 11:29:06 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 10/10/2013 11:13, k vijay sai Prashanth wrote:

I am running snort in test mode with the following command to get the error
message displayed below. Please help me.

Command: snort -T -c /etc/snort/snort.conf /usr/local/bin/snort -A console
-q -u root -c /etc/snort/snort.conf -i eth2

Error Message: ERROR: Can't set DAQ BPF filter to '/usr/local/bin/snort'
(pcap_daq_set_filter: pcap_compile: syntax error)!
Fatal Error, Quitting..


The error is relatively clear - you have an erroenous
'/usr/local/bin/snort' in the middle of your command line.

To test the Snort configuration:

/path/to/snort -i ethX -c /etc/snort/snort-cluster.conf -T 
(where X is 0/1 for eth0, eth1 etc.)

Your command above is a combination of testing and actually running Snort.

- -- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division         Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSVoFyAAoJELhVoVpEMS6RCb8H/i+Y2fIWkapEGRTCi/kLAD1T
kNScV6AguQKRe31usKN0gnmQyYkCOUuPxnche2+kRseSi0cijS0BHBfAWtmlMvlR
fCLhgC1mdJKAterxcvgyOL+5KpafsNVVPX7tMVDuBBsVH+7wbBBgHG1Rw5hEyPPX
5QMcZpQmc2hk+wdvGtn7sxJSMLUFE5zEhJL2sLoaigiHBXRuOZ9C9/Uc3KNVHt8W
fZi9BP0JwOYoaY7K9ci5L8D3TjxVrJJ4xl2aeOpD3z3BYt+dueyPwCDiBiIYNXVs
/nfTTL0rfVdHkrP1LEIMHqSarRrcFgCLXPeNxKcg9XTKk245chXcyiGdUaHQb+E=
=UHMK
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. k vijay sai Prashanth (Oct 10)
- Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. Peter Bates (Oct 10)
- Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. k vijay sai Prashanth (Oct 10)
  - Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. k vijay sai Prashanth (Oct 10)
    - Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. k vijay sai Prashanth (Oct 10)
    - Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. Peter Bates (Oct 10)
    - Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. Peter Bates (Oct 10)