Networking Snort - error at runtime


Running snort (in packet dump mode) with the command sudo snort -C snort.conf -A console -i eth0 produces the following problem:

    --== Initializing Snort ==--
    Initializing Output Plugins!
    Snort BPF option: snort.conf
    pcap DAQ configured to passive.
    The DAQ version does not support reload.
    Acquiring network traffic from "eth0".
    ERROR: Can't set DAQ BPF filter to 'snort.conf' (pcap_daq_set_filter: pcap_compile: syntax error)!
    Fatal Error, Quitting..

Can anyone suggest a solution?

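You are using the wrong option to load the configuration; it should be a lowercase '-c':

sudo snort -c snort.conf -A console -i eth0

Also, you can test the configuration with "-T" before running it: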

sudo snort -T -c snort.conf
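
The failure in the question, as an added example that is not part of the original thread: a shell check that reads Snort's startup output and flags a "Snort BPF option" value that is really a file path, which is what the uppercase -C produced here. The function names and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose Snort 2.x startup output in
# which a file path ended up as the BPF filter expression.

# Startup output quoted in the question (abridged).
sample_bad() {
cat <<'EOF'
Initializing Output Plugins!
Snort BPF option: snort.conf
Acquiring network traffic from "eth0".
ERROR: Can't set DAQ BPF filter to 'snort.conf' (pcap_daq_set_filter: pcap_compile: syntax error)!
EOF
}

# Constructed sample: a run with a genuine filter expression.
sample_ok() {
cat <<'EOF'
Initializing Output Plugins!
Snort BPF option: tcp port 80
Acquiring network traffic from "eth0".
EOF
}

# Print the filter Snort says it parsed from the command line, if any.
bpf_option() {
    sed -n 's/^[[:space:]]*Snort BPF option: //p' | head -n 1
}

# Read startup output on stdin. Print the suspect value and return 0 when the
# "filter" is one token that ends in .conf or names an existing file;
# return 1 when nothing suspicious is found.
diagnose_startup() {
    bpf=$(bpf_option)
    [ -n "$bpf" ] || return 1
    case "$bpf" in
        *" "*) return 1 ;;                  # multi-word: a real expression
        *.conf) ;;                          # config-style file name
        *) [ -e "$bpf" ] || return 1 ;;     # or a file that exists here
    esac
    printf '%s\n' "$bpf"
}

# Stand-alone demo on the question's output.
if path=$(sample_bad | diagnose_startup); then
    echo "'$path' was parsed as a BPF filter; load it with lowercase -c"
fi
```
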

Try this:

sudo service snort start
ps ax | grep snort

The result I get is

/usr/sbin/snort -m 027 -D -D -l /var/log/snort -u snort -g snort -g snort -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i enp4s0

The manual says -D runs Snort in daemon mode. Alerts will be sent to /var/log/snort/alert unless otherwise specified.

So when I remove -D and add -A

sudo /usr/sbin/snort -m 027 -d -l /var/log/snort -u snort -g snort -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i enp4s0 -A console

Works for snort version 2.9.7.0 GRE (Build 149)

Simply adding the "-i" command before eth0 solves the problem.