Snort mailing list archives
Re: Error Starting Snort with DAQ
From: rob iscool <robrob2626 () yahoo com>
Date: Wed, 2 Feb 2011 09:50:06 -0800 (PST)
Disregard this post. I was using -f instead of -c. Midweek blues I guess.

Thanks
Robert

________________________________
From: Russ Combs <rcombs () sourcefire com>
To: rob iscool <robrob2626 () yahoo com>
Cc: snort-users () lists sourceforge net; Michael Scheidell <michael.scheidell () secnap com>; Michael Altizer <maltizer () sourcefire com>
Sent: Wed, February 2, 2011 9:42:43 AM
Subject: Re: Error Starting Snort with DAQ

On Wed, Feb 2, 2011 at 12:34 PM, rob iscool <robrob2626 () yahoo com> wrote:

Has anyone seen this error before? I'm running on FreeBSD 72x86.
I'm sorry if this has been answered before.
Robert
========Start of Error==================
#: snort -f /usr/local/etc/snort/snort.conf -l /var/log/snort -v -i vr0
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: /usr/local/etc/snort/snort.conf -l /var/log/snort -v -i vr0
It looks like -c is missing?
pcap DAQ configured to passive.
Acquiring network traffic from "vr0".
ERROR: Can't set DAQ BPF filter to '/usr/local/etc/snort/snort.conf -l
/var/log/snort -v -i vr0' (pcap_daq_set_filter: pcap_compile: syntax error)!
Fatal Error, Quitting..
===========================
======== Start of Patch =========
--- os-daq-modules/daq_pcap.c.orig 2011-01-30 15:28:19.000000000 -0500
+++ os-daq-modules/daq_pcap.c 2011-01-30 15:27:19.000000000 -0500
@@ -216,7 +216,7 @@ static int pcap_daq_initialize(const DAQ
for (entry = config->values; entry; entry = entry->next)
{
if (!strcmp(entry->key, "buffer_size"))
- context->buffer_size = strtol(entry->key, NULL, 10);
+ context->buffer_size = strtol(entry->value, NULL, 10);
}
/* Try to account for legacy PCAP_FRAMES environment variable if we weren't
passed a buffer size. */
if (context->buffer_size == 0)
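Review bot: the strtol(entry->value, NULL, 10) call on the + line passes NULL for the end pointer and does no range check, so a buffer_size value that is not a number parses as 0 and becomes indistinguishable from "not set" at the `if (context->buffer_size == 0)` test just below, while a negative value is stored unchanged. Consider passing an endptr, rejecting the value when nothing was consumed or trailing characters remain, checking errno for ERANGE, and refusing negative results before assigning to context->buffer_size. The loop also has no break after the match, so if the key appears more than once in config->values the last entry silently wins; a break or a comment stating that this is intended would help.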
=============================
