Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ERROR: Can't start DAQ

From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Tue, 31 Mar 2015 15:37:03 +0000
Your user needs to be able to open a socket.

Can your snort user run something like tcpdump on an interface? If not then it needs rights.


Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Dan Roberts [mailto:danroberts2604 () gmail com]
Sent: Tuesday, March 31, 2015 11:22 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ERROR: Can't start DAQ

Hi guys,

My snort configuration works pretty well as long as I run it as root during my test.

But for some obvious reason, I want now put it in prod and run it as user "snort", using the options " -u snort -g 
snort ".

This is where I get

--= Initializing Snort =--
Initializing Output Plugins!
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
ERROR: Can't start DAQ (-1) - socket: Operation not permitted!
Fatal Error, Quitting...

I've googled around a bit, without success.

It has surely something to do with some missing rights.....

Do you have any idea ? Does user "snort" have some specific rights ?

Your help would be highly appreciated ;-)

Thanks

Dan



------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: