Ubuntu Snort 3.0错误:找不到请求的DAQ模块:pcap
我正试图在Ubuntu 20.04桌面上安装Snort 3.0。我使用手册作为安装指南。一切都进行得很顺利,安装似乎进行得很顺利,但是,在第6页,要使用默认配置文件测试Snort,它希望我通过Ubuntu Snort 3.0错误:找不到请求的DAQ模块:pcap,ubuntu,snort,Ubuntu,Snort,我正试图在Ubuntu 20.04桌面上安装Snort 3.0。我使用手册作为安装指南。一切都进行得很顺利,安装似乎进行得很顺利,但是,在第6页,要使用默认配置文件测试Snort,它希望我通过Snort-c/usr/local/etc/Snort/Snort.lua但是我得到了错误错误:找不到请求的DAQ moduel:pcap我昨天花了几个小时在谷歌上搜索,但什么也找不到。现在,对于Ubuntu,我是一个完全的初学者。我需要安装什么存储库才能进行此操作?谢谢 更新 因此,我从tcpdump安装
Snort-c/usr/local/etc/Snort/Snort.lua错误:找不到请求的DAQ moduel:pcaphttp://www.tcpdump.org/release/libpcap-1.10.0.tar.gz
wget http://www.tcpdump.org/release/libpcap-1.10.0.tar.gz
tar -xzvf libpcap-1.10.0.tar.gz
/usr/local/bin/snort -V
,,_ -*> Snort++ <*-
o" )~ Version 3.1.0.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.0
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 1.1.1f 31 Mar 2020
Using libpcap version 1.9.1 (with TPACKET_V3)
Using PCRE version 8.44 2020-02-12
Using ZLIB version 1.2.11
Using FlatBuffers 1.12.0
Using Hyperscan version 5.3.0 2021-02-01
Using LZMA version 5.2.4
administrator@Ubuntu:~/snort_src$ snort -c /usr/local/etc/snort/snort.lua
--------------------------------------------------
o")~ Snort++ 3.1.0.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
ssh
hosts
host_cache
pop
so_proxy
stream_tcp
smtp
gtp_inspect
packets
dce_http_proxy
stream_icmp
normalizer
alerts
rewrite
ips
stream_udp
binder
wizard
appid
search_engine
file_id
ftp_data
ftp_server
port_scan
dce_http_server
dce_smb
dce_tcp
telnet
ssl
sip
rpc_decode
netflow
http_inspect
network
http2_inspect
modbus
host_tracker
stream_user
stream_ip
trace
back_orifice
classifications
dnp3
active
ftp_client
decode
daq
stream
references
arp_spoof
output
process
dns
dce_udp
imap
stream_file
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
ERROR: Could not find requested DAQ module: pcap
FATAL: see prior 1 errors (0 warnings)
Fatal Error, Quitting..
/usr/local/bin/snort -V
,,_ -*> Snort++ <*-
o" )~ Version 3.1.0.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.0
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 1.1.1f 31 Mar 2020
Using libpcap version 1.9.1 (with TPACKET_V3)
Using PCRE version 8.44 2020-02-12
Using ZLIB version 1.2.11
Using FlatBuffers 1.12.0
Using Hyperscan version 5.3.0 2021-02-01
Using LZMA version 5.2.4
administrator@Ubuntu:~/snort_src$ snort -c /usr/local/etc/snort/snort.lua
--------------------------------------------------
o")~ Snort++ 3.1.0.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
ssh
hosts
host_cache
pop
so_proxy
stream_tcp
smtp
gtp_inspect
packets
dce_http_proxy
stream_icmp
normalizer
alerts
rewrite
ips
stream_udp
binder
wizard
appid
search_engine
file_id
ftp_data
ftp_server
port_scan
dce_http_server
dce_smb
dce_tcp
telnet
ssl
sip
rpc_decode
netflow
http_inspect
network
http2_inspect
modbus
host_tracker
stream_user
stream_ip
trace
back_orifice
classifications
dnp3
active
ftp_client
decode
daq
stream
references
arp_spoof
output
process
dns
dce_udp
imap
stream_file
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
ERROR: Could not find requested DAQ module: pcap
FATAL: see prior 1 errors (0 warnings)
Fatal Error, Quitting..
dministrator@Ubuntu:~/snort_src$ sudo apt-get install -y libpcap-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
libpcap-dev is already the newest version (1.9.1-3).
The following packages were automatically installed and are no longer required:
libfprint-2-tod1 libllvm10
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
administrator@Ubuntu:~/snort_src$ dir
boost_1_74_0 libpcap-1.10.0.tar.gz
boost_1_74_0.tar.gz libsafec-02092020.0-g6d921f
flatbuffers-1.12.0 libsafec-02092020.tar.gz
flatbuffers-build LuaJIT-2.1.0-beta3
flatbuffers-v1.12.0.tar.gz LuaJIT-2.1.0-beta3.tar.gz
gperftools-2.8 pcre-8.44
gperftools-2.8.tar.gz pcre-8.44.tar.gz
hyperscan-5.3.0 ragel-6.10
hyperscan-5.3.0-build ragel-6.10.tar.gz
libdaq-3.0.0 snort3-3.1.0.0
libdaq-3.0.0.tar.gz snort3-3.1.0.0.tar.gz
libpcap-1.10.0 v5.3.0.tar.gz
我没有主意了…谢谢你。我放弃了,通过Docker安装了Snort3。已解决。我遇到了相同的问题。我建议使用--daqdir 例如,我的daq安装在/usr/local/lib/daq中 运行snort时,请使用以下命令:
/usr/local/snort/bin/snort-c/usr/local/snort/etc/snort/snort.lua--daq dir/usr/local/lib/daq-i ens33-l/var/log/snort