albertg Posted July 19, 2014 Report Posted July 19, 2014 when i run this command, d:/winids/snort/bin/snort -c d:/winids/snort/etc/snort.conf -l d:/winids/snort/log –i1 -T i get the following error [ Number of patterns truncated to 20 bytes: 307 ] pcap DAQ configured to passive. The DAQ version does not support reload. Acquiring network traffic from "DeviceNPF_{269A6487-19E1-42B4-A2B2-8A4494B3D49 6}". ERROR: Can't set DAQ BPF filter to 'ûi1 -T' (ê¶O)! Fatal Error, Quitting.. do we need to install DAQ? we have not missed any step in the tutorial. thanks
Morpheus Posted July 19, 2014 Report Posted July 19, 2014 I just noticed: Change this: d:winidssnortbinsnort -c d:winidssnortetcsnort.conf -l d:winidssnortlog –i1 -T To this: d:winidssnortbinsnort -c d:winidssnortetcsnort.conf -l d:winidssnortlog -i1 -T dominic.fernandes@gmail.co 1
dominic.fernandes@gmail.co Posted July 21, 2014 Report Posted July 21, 2014 I just noticed: Change this: d:winidssnortbinsnort -c d:winidssnortetcsnort.conf -l d:winidssnortlog –i1 -T To this: d:winidssnortbinsnort -c d:winidssnortetcsnort.conf -l d:winidssnortlog -i1 -T +---------------------------------------------------------------- [ Number of patterns truncated to 20 bytes: 307 ] pcap DAQ configured to passive. The DAQ version does not support reload. Acquiring network traffic from "DeviceNPF_{269A6487-19E1-42B4-A2B2-8A4494B3D 6}". --== Initialization Complete ==-- ,,_ -*> Snort! <*- o" )~ Version 2.9.6.1-WIN32 GRE (Build 56) '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort eam Copyright © 2014 Cisco and/or its affiliates. All rights reserved Copyright © 1998-2013 Sourcefire, Inc., et al. Using PCRE version: 8.10 2010-06-25 Using ZLIB version: 1.2.3 Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.1 <Build 1> Preprocessor Object: SF_SSLPP Version 1.1 <Build 4> Preprocessor Object: SF_SSH Version 1.1 <Build 3> Preprocessor Object: SF_SMTP Version 1.1 <Build 9> Preprocessor Object: SF_SIP Version 1.1 <Build 1> Preprocessor Object: SF_SDF Version 1.1 <Build 1> Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1> Preprocessor Object: SF_POP Version 1.0 <Build 1> Preprocessor Object: SF_MODBUS Version 1.1 <Build 1> Preprocessor Object: SF_IMAP Version 1.0 <Build 1> Preprocessor Object: SF_GTP Version 1.1 <Build 1> Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13> Preprocessor Object: SF_DNS Version 1.1 <Build 4> Preprocessor Object: SF_DNP3 Version 1.1 <Build 1> Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3> Snort successfully validated the configuration! Snort exiting ----------------THANKS EAGLE EYE !!!
Morpheus Posted July 21, 2014 Report Posted July 21, 2014 Looks like you are good to go with a sucessful configuration test.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now