Snort mailing list archives

Re: Snort log is blank


From: Michael Iaconianni <michael.iaconianni () iaspecialists com>
Date: Tue, 2 Aug 2016 18:08:13 +0000

Thank you for getting back to me. Attached is my snort.conf file. And yes, traffic is coming into the device. IP tables are also set up correctly. I can also run snort in other modes.

From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Tuesday, August 2, 2016 at 1:36 PM
To: Michael Iaconianni <michael.iaconianni () iaspecialists com>, "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort log is blank

Hello,

Do you have the config to share?

If not..

1) are you able to run snort in another mode? (i.e. afpacket, dump etc).
2) is there traffic coming into the device?
3) is iptables set up correctly? (since you are using nfq) see the daq readme.




Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Michael Iaconianni <michael.iaconianni () iaspecialists com>
Date: Tuesday, August 2, 2016 at 12:59 PM
To: 'snort-users' <snort-users () lists sourceforge net>
Subject: [Snort-users] Snort log is blank

Hello,

I’m trying to run snort as an IDS. I use the following command to run snort:
snort -Q --daq nfq --daq-var device=br-lan  --daq-var queue=1 -c /etc/snort/snort.conf -l log/ -D
However, when I check the log it is blank. When I try to read it with snort -r <logname> I get the following output:

Error can’t initialize DAQ cap (-1) - truncated dump file; tried to read 4 file header bytes, only got 0. I’m guessing there’s a problem with my config file. Any help would be greatly appreciated!

Thank you,
Mike

Attachment: snort.conf
Description: snort.conf
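
Added example, not part of the thread or of Snort/DAQ: a shell sketch of two checks the exchange above points at, namely whether any iptables rule sends packets to the queue number Snort was started with (queue=1 in the command above), and whether the log file is simply empty, which is the condition behind "only got 0". The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# has_nfqueue_rule QUEUE
# Reads `iptables -S` output on stdin; succeeds if some rule jumps to
# NFQUEUE with --queue-num QUEUE (--queue-balance ranges are not handled).
has_nfqueue_rule() {
    awk -v want="$1" '
        {
            target = ""; num = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--queue-num") num = $(i + 1)
            }
            if (target == "NFQUEUE" && num == want) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# classify_log FILE
# Prints missing, empty, pcap or other, judged by the first four bytes.
# "empty" is the case behind "tried to read 4 file header bytes, only got 0".
classify_log() {
    [ -f "$1" ] || { echo missing; return 0; }
    [ -s "$1" ] || { echo empty; return 0; }
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case $magic in
        # pcap magic, both byte orders, microsecond and nanosecond variants
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) echo pcap ;;
        *) echo other ;;
    esac
}

# Constructed sample: packets go to queue 0 while Snort was started with queue=1.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -j NFQUEUE --queue-num 0'
if printf '%s\n' "$SAMPLE_RULES" | has_nfqueue_rule 1; then
    echo "a rule feeds queue 1"
else
    echo "no rule feeds queue 1"
fi
```

On the sensor itself, pipe the live output of iptables -S (as root) into has_nfqueue_rule and point classify_log at the file written under the -l directory.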
