Thread: problems in snort installing.

  1. #1

    problems in snort installing.

    Hello again.
    I had problems installing the Snort IDS, but thanks to this forum I solved them.
    Now I have new problems, which I hope you can help me with again.

    I am trying to install Snort 2.9.4.1 and DAQ 2.0.0 on openSUSE 12.2 on VMware.
    I did it step by step according to the install guide, which I downloaded from the main web site.

    I will write down here exactly the commands I used, with the messages that followed:

    linux-s211:/usr/sbin # ./snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf
    .
    .
    snort successfully validated the configuration!
    Snort exiting

    linux-s211:/usr/sbin # ./snort -i eth0 -D -u snort -g snort -c /etc/snort/snort.conf
    Spawning daemon child...
    My daemon child 3987 lives...
    Daemon parent exiting (0)


    linux-s211:/usr/sbin # ps aux | grep -i "snort"
    snort 3987 0.1 5.4 316068 54936 ? Ssl 11:59 0:00 ./snort -i eth0 -D -u snort -g snort -c /etc/s
    root 3990 0.0 0.0 4172 804 pts/1 S+ 11:59 0:00 grep --color=auto -i snort


    Everything seems OK until here, but!!:

    linux-s211:/usr/sbin # /etc/init.d/snort start
    bash: /etc/init.d/snort: Permission denied (I already switched to root and copied the snort script to the /etc/init.d directory)

    And this one: (I think this one is more important)

    linux-s211:/usr/sbin # ./snort status

    Running in packet dump mode
    --== Initializing Snort ==--
    Initializing Output Plugins!
    Snort BPF option: status
    pcap DAQ configured to passive.
    Acquiring network traffic from "eth0".
    ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! (I did install libdnet-devel-1.12-15.1.2.i586 and libpcap-devel-1.2.1-3.1.2.i586)
    Fatal Error, Quitting..


    Now I really don't know where I went wrong! If you need more information about the OS or anything else, just say so.
    Please help me with it.
    Thanks.

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,871

    Re: problems in snort installing.

    Please, please, please. Copy/paste your terminal emulator commands between [CODE] tags. You get them by clicking on the # button in the toolbar above the post editor. No need to use colours/colors, just the CODE tags.
    Henk van Velden

  3. #3

    Re: problems in snort installing.

    Quote Originally Posted by hcvv View Post
    Please, please, please. Copy/paste your terminal emulator commands between [CODE] tags. You get them by clicking on the # button in the toolbar above the post editor. No need to use colours/colors, just the CODE tags.
    As you wish, boss.
    So sorry about that. I didn't know.
    Next time I will do it.

  4. #4

    Re: problems in snort installing.

    Quote Originally Posted by Bouki View Post
    As you wish, boss.
    So sorry about that. I didn't know.
    Next time I will do it.
    I understand, it is a rather hidden feature. But quite important here. Thanks for your cooperation.
    Henk van Velden

  5. #5

    Re: problems in snort installing.

    Hello.
    Would you please take a look at my post?
    I really need help!!!
