Snort mailing list archives

Re: Problems installing/configuring Snort on Fedora


From: Michael Brown <redcrosse () verizon net>
Date: Thu, 07 May 2015 17:34:24 -0500

Okay, I think I found the solution to at least part of my problems.  In order to get Snort to run in test mode, and 
then production modes, I had to take the following steps.
1. Removed the username and group fields from the command and added the daq manually.  The resulting command looked like 
this:
        ./snort -T -i eno1 -c /etc/snort/snort.conf --daq pcap
That resulted in a successful test.  
2. Added pcap to the daq portion of the config file.  The resulting portion of the config file now looks like this:
        # Configure DAQ related options for inline operation.  For more information, see README.daq
        config daq: pcap
The resulting test command looked like this:
        ./snort -T -i eno1 -c /etc/snort/snort.conf
That, also, resulted in a successful test.  
3. On a whim, I ran the snort -A command with sudo and that seemed to work.  Adding the -L option ensured logging.  The 
resulting command looked like:
        sudo ./snort -A fast -b -d -i eno1 -c /etc/snort/snort.conf -L /var/log/snort
Snort is now running and logging output.

I would like to be able to run Snort without typing sudo.  I added the Snort user to the sudoers file, but that did not 
help.  There is a permissions problem somewhere.  Any ideas?

Thanks

Redcrosse

On May 7, 2015, at 12:25 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

You've specified the interface as "eno1".  Is that the correct interface on Fedora?

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group


