Hosting Provided By

[Snort-users] (no subject)

From: <jcosta(at)lendleaserei.com>
Date: Thu Feb 27 2003 - 17:32:54 EST

Using snort-1.9.0 and the rules it ships with placed into /etc/snort directory (customized snort.conf files located there also).

I'm trying to get snort to push its alerts into syslog with the following command line: snort -A fast -s -c /etc/snort/snort.conf

When I issue this command (which seems syntactically correct), I get the following error:

Initializing Output Plugins!
Log directory = /var/log/snort

Initializing Network Interface eth1
ERROR: OpenPcap() FSM compilation failed:

parse error
PCAP command: /etc/snort/snort.conf
Fatal Error, Quitting..

I realize that some of the command line args for snort are passed onto libpcap which in this case
is complaining about a parse error. The error looks like its choking on the argument pointing my snort.conf file.

What am I doing wrong here?

Do you need help?

Jeff

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Thu Feb 27 18:21:28 2003

This message: [ Message body ]
Next message: Erek Adams: "Re: [Snort-users] (no subject)"
Previous message: Chris Christianson: "[Snort-users] Logging to both the Alert Log file and a SYSLOG Server"
Next in thread: Erek Adams: "Re: [Snort-users] (no subject)"
Reply: Erek Adams: "Re: [Snort-users] (no subject)"
Reply: Erick Mechler: "Re: [Snort-users] (no subject)"
Reply: Erek Adams: "Re: [Snort-users] (no subject)"
Reply: Erick Mechler: "Re: [Snort-users] (no subject)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:11:45 EDT