no available daq… (very long e-mail)

[Dorian ROSSE via Snort-users <snort-users () lists snort org>]

Hello,


When I run this command line I have an anwser Failure but daq is set up which all daq just ipq isn’t set up :

snort --daq-dir=../daq-2.0.6 --daq-list
No available DAQ modules (try adding directories with --daq-dir).

(I follown this web page : https://www.snort.org/faq/readme-daq)

Now I will try to run all this command line following but I don’t know how to set up var value ☹

snort \
[--daq pcap] \
[--daq-mode inline] \
[--daq-dir ../daq-2.0.6] \
[--daq-var ../../var/lib/snort]

snort \
[--daq afpacket] \
[--daq-mode inline] \
[--daq-dir ../daq-2.0.6] \
[--daq-var /var/lib/snort]

snort \
[--daq dump] \
[--daq-mode inline] \
[--daq-dir ../daq-2.0.6] \
[--daq-var ../../var/lib/snort]

snort \
[--daq nfq] \
[--daq-mode inline] \
[--daq-dir ../daq-2.0.6] \
[--daq-var ../../var/lib/snort]

snort \
[--daq ipfw] \
[--daq-mode inline] \
[--daq-dir ../daq-2.0.6] \
[--daq-var ../../var/lib/snort]


I have this answer :

-bash: var: No such file or directory


Also I have find a lib snort in var finaly I have set up more on the Bottom the var value I try a new step 😊

Now I have this Following error but I knew how to repair :

-bash: ./snort: No such file or directory


This error in the snort folder can be repair by run without the dot ‘.’ and the slash ‘/’ before the snort value finaly 
I set up more Bottom up without the dot and the slash

that crash which an error that I had…

/opt/snort-2.9.12# snort \
> [--daq pcap] \
> [--daq-mode inline] \
> [--daq-dir ../daq-2.0.6] \
> [--daq-var ../../var/lib/snort]
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: [--daq pcap] [--daq-mode inline] [--daq-dir ../daq-2.0.6] [--daq-var ../../var/lib/snort]
ERROR: Can't find pcap DAQ!
Fatal Error, Quitting..


Also I run this commad line and that go back to the daq static error ☹

./configure --with-daq-includes=../daq-2.0.6

It is written ‘Running in packet dump mode alors I run the commad line to set up dump mode :

snort \
> [--daq dump] \
> [--daq-mode inline] \
> [--daq-dir ../daq-2.0.6] \
> [--daq-var ../../var/lib/snort]
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: [--daq dump] [--daq-mode inline] [--daq-dir ../daq-2.0.6] [--daq-var ../../var/lib/snort]
ERROR: Can't find pcap DAQ!
Fatal Error, Quitting..


I try this two commad line and that return again needing daq static

./configure "CPPFLAGS=-DDEFAULT_DAQ=pcap"

./configure "CPPFLAGS=-DDEFAULT_DAQ=dump"


Now I follown the snort INSTALL doc then I copy paste the config file asked but the daq-modules-config isn’t found by 
‘where’ command line !

I run the followind command line that return an exit by the Failure of the command line !

snort -c etc/snort.conf -T
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "etc/snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80:81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 
5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 
8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
PortVar 'SSH_PORTS' defined :  [ 22 ]
PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined :  [ 80:81 110 143 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 
3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 
8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ]
PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]
Detection:
   Search-Method = AC-Full-Q
    Split Any/Any group = enabled
    Search-Method-Optimizations = enabled
    Maximum pattern length = 20
ERROR: etc/snort.conf(253) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules": No such file or 
directory.

Fatal Error, Quitting..

Also I begin by a touch of the file (or folder) missing by ‘sudo touch /usr/local/lib/snort_dynamicrules’ !

Now I have this error Following when I launch tje command line return error :

ERROR: etc/../rules/local.rules(0) Unable to open rules file "etc/../rules/local.rules": No such file or directory.

Also I Watch It miss a local.rules file also do this touch : ‘sudo touch /etc/snort/rules/local.rules’

I have the same error also remove the file for put a directory !

‘sudo rm /etc/snort/rules/local.rules
Sudo mkdir /etc/snort/rules/local.rules’ (without the quotes)

Yesterday I was bore also I downloaded and installed suricata for clean my linux setup !

Thank you in advance to repair the daq static problem,

Regards.


Dorian ROSSE.

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette