Snort mailing list archives

Previous By Date Next
Previous By Thread Next

cannot decode data link type 239

From: Sharif Uddin <Sharif.Uddin () spectrumasa com>
Date: Tue, 9 Sep 2014 16:33:19 +0000
Hello

I have had snort running for a while without problems, just recently it has not logged anything which is weird. When I 
done strace on snort I found the following problem


socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
ioctl(4, SIOCGIFADDR, {ifr_name="nflog", ???}) = -1 ENODEV (No such device)
close(4)                                = 0
write(2, "ERROR: Cannot decode data link t"..., 40ERROR: Cannot decode data link type 239
) = 40
write(2, "Fatal Error, Quitting..\n", 24Fatal Error, Quitting..



I have googled this and all answers point to running extra command on build. But my snort was running fine, which does 
not make sense


I use following to run snort


snort -q -u snort -g snort -c /etc/snort/snort.conf -i ens34 -D
barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo


how do I fix this



Sharif Uddin
Development/Support Engineer
-------------------

Spectrum Geo Ltd
Dukes Court, Duke Street
Woking, Surrey
GU21 5BH
UNITED KINGDOM

Tel: +44 (0) 1483 730201
Fax: +44 (0) 1483 762620

www.spectrumasa.com<http://www.spectrumasa.com/>


IMPORTANT - This message and any attached files contain information intended for the exclusive use of the party or 
parties to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt 
from disclosure under applicable law. If you are not an intended recipient, you are hereby notified that any viewing, 
copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify 
the sender immediately and delete the original message without making any copies. Copyright in this email and any 
attachments belong to Spectrum Geo Limited.
We cannot guarantee the security or confidentiality of email communications. We do not accept any liability for losses 
or damages that you may suffer as a result of your receipt of this email.
Email communication with Spectrum Geo Ltd., may be monitored as permitted by UK legislation.
Spectrum Geo Limited, is a limited company registered in England and Wales. Registered number: 1979422. Registered 
office: 95 Aldwych, London WC2B 4JF.

------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce.
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: