Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort 2.9.7.2

From: Stephen Gantz <stephen.gantz () faculty umuc edu>
Date: Mon, 16 Mar 2015 11:54:38 -0400
Ethan,



I have seen this error occur frequently with Snort on Windows, but not
always with a clearly identified cause. Can you confirm that the pcap
output plugin (where log_tcpdump is referenced in snort.conf) is disabled
(that is, commented out)? In addition to ensuring that the line “output
log_tcpdump: tcpdump.log” is commented out (in Step #6 of snort.conf), I
would recommend also including a log directory at the end of Step #2 (a
typical entry would be “config logdir: c:\Snort\log”). Some users have
reported fixing this error by declaring the log directory in the Snort
startup command, with “-l c:\Snort\log” (the command line option there is a
lowercase L, if that’s not clear in this font).



Regards,

Steve



*From:* Ethan Hunt [mailto:ethan.e007mi2 () gmail com]
*Sent:* Sunday, March 15, 2015 9:51 PM
*To:* snort-users () lists sourceforge net
*Subject:* [Snort-users] Snort 2.9.7.2



I'm running Win7 with snort 2.9.7.2 and got this error

the daq version does not support reload.
ERROR: log_tcpdump: Failed to open log file "log/snort.log.1426468125
<snort-users () lists sourceforge net>

How to i fix this?

Thanks.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: