
List:       snort-users
Subject:    Re: [Snort-users] ERROR: can't find nfq DAQ
From:       Amal Saeed <amal.saeed () simmons ! edu>
Date:       2016-11-30 23:46:17
Message-ID: CAFdqxP9mvuN8tE9UCJDNUSnhcy_T+jvRL0qW=wzMm036qF7XmA () mail ! gmail ! com

Okay, so I see nfq there, but when I run this command:
*snort --daq nfq -Q -c /etc/snort/snort.conf* it still says permission denied.

When I run this: *snort /usr/local/lib/daq -Q -c /etc/snort/snort.conf* it
still says permission denied:
Log directory = /var/log/snort
ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert:
Permission denied
Fatal Error, Quitting..

I'm really confused - it seems like everything is in place, but it still
refuses to run.



On Wed, Nov 30, 2016 at 5:17 PM, Marcin Dulak <marcin.dulak@gmail.com>
wrote:

> Try to specify the location of daq modules with (replace with the path
> where daq_nfq.so lives):
>
> snort --daq-dir /usr/lib64/daq/ --daq-list
>
> Marcin
>
> On Wed, Nov 30, 2016 at 11:05 PM, Amal Saeed <amal.saeed@simmons.edu>
> wrote:
>
>> When I ran it as root, it validated the configuration, just like that!
>> But now my nfq module is missing.
>>
>> On Wed, Nov 30, 2016 at 4:15 PM, Al Lewis (allewi) <allewi@cisco.com>
>> wrote:
>>
>>> Couple of things to try as a test.
>>>
>>> 1) try running it as root (for permissions).
>>>
>>> 2) create the alert file then
>>>
>>> 3) run snort without logging enabled
>>>
>>>
>>> When you start snort the user has to have elevated privileges. So a
>>> regular user may not cut it.
>>>
>>>
>>> See the DAQ readme:
>>>
>>> NFQ Module
>>> ==========
>>>
>>> NFQ is the new and improved way to process iptables packets:
>>>
>>>     ./snort --daq nfq \
>>>         [--daq-var device=<dev>] \
>>>         [--daq-var proto=<proto>] \
>>>         [--daq-var queue=<qid>]
>>>
>>>     <dev> ::= ip | eth0, etc; default is IP injection
>>>     <proto> ::= ip4 | ip6 |; default is ip4
>>>     <qid> ::= 0..65535; default is 0
>>>
>>> *This module can not run unprivileged so ./snort -u -g will produce a
>>> warning*
>>> *and won't change user or group.*
>>>
>>> Notes on iptables are given below.
>>>
>>>
>>> *Albert Lewis*
>>>
>>> ENGINEER.SOFTWARE ENGINEERING
>>>
>>> SOURCE*fire*, Inc. now part of *Cisco*
>>>
>>> Email: allewi@cisco.com
>>>
>>> From: Amal Saeed <amal.saeed@simmons.edu>
>>> Date: Wednesday, November 30, 2016 at 3:33 PM
>>>
>>> To: allewi <allewi@cisco.com>
>>> Cc: 'snort-users' <snort-users@lists.sourceforge.net>
>>> Subject: Re: [Snort-users] ERROR: can't find nfq DAQ
>>>
>>> I have full permissions though (see attached)?
>>>
>>> On Wed, Nov 30, 2016 at 3:19 PM, Amal Saeed <amal.saeed@simmons.edu>
>>> wrote:
>>>
>>>> I'm running as a regular user.
>>>>
>>>> On Wed, Nov 30, 2016 at 3:17 PM, Al Lewis (allewi) <allewi@cisco.com>
>>>> wrote:
>>>>
>>>>> Permissions on the directory wouldn't be something snort can control.
>>>>>
>>>>> Who are you running snort as? root? regular user?
>>>>>
>>>>>
>>>>>
>>>>> *Albert Lewis*
>>>>>
>>>>> ENGINEER.SOFTWARE ENGINEERING
>>>>>
>>>>> SOURCE*fire*, Inc. now part of *Cisco*
>>>>>
>>>>> Email: allewi@cisco.com
>>>>>
>>>>> From: Amal Saeed <amal.saeed@simmons.edu>
>>>>> Date: Wednesday, November 30, 2016 at 3:05 PM
>>>>> To: allewi <allewi@cisco.com>
>>>>> Cc: 'snort-users' <snort-users@lists.sourceforge.net>
>>>>> Subject: Re: [Snort-users] ERROR: can't find nfq DAQ
>>>>>
>>>>> So I just ran:  *snort -i wlan0 -c /etc/snort/snort.conf -T*
>>>>> and Snort successfully validated my configuration.
>>>>>
>>>>> I've tried changing permission on my /var/log/snort directory, but it
>>>>> doesn't take the changes.
>>>>>
>>>>> On Wed, Nov 30, 2016 at 2:59 PM, Al Lewis (allewi) <allewi@cisco.com>
>>>>> wrote:
>>>>>
>>>>>> The error is "ERROR: OpenAlertFile() => fopen() alert file
>>>>>> /var/log/snort/alert: *Permission denied*"
>>>>>>
>>>>>> Doesn't look like snort can write to your logging directory.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Albert Lewis*
>>>>>>
>>>>>> ENGINEER.SOFTWARE ENGINEERING
>>>>>>
>>>>>> SOURCE*fire*, Inc. now part of *Cisco*
>>>>>>
>>>>>> Email: allewi@cisco.com
>>>>>>
>>>>>> From: Amal Saeed <amal.saeed@simmons.edu>
>>>>>> Date: Wednesday, November 30, 2016 at 2:51 PM
>>>>>> To: 'snort-users' <snort-users@lists.sourceforge.net>
>>>>>> Subject: [Snort-users] ERROR: can't find nfq DAQ
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I'm trying to run Snort in inline mode (-Q), but I kept running into
>>>>>> this problem, where it says can't find nfq DAQ even though I see nfq listed
>>>>>> in my --daq-list. I've tried troubleshooting with every source I found
>>>>>> online, but now I get a different error.
>>>>>>
>>>>>> If I run: *snort --daq nfq -Q -c /etc/snort/snort.conf*
>>>>>> I get:
>>>>>> Log directory = /var/log/snort
>>>>>> ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert:
>>>>>> Permission denied
>>>>>> Fatal Error, Quitting..
>>>>>>
>>>>>> If I run: *snort -T -c /etc/snort/snort.conf*
>>>>>> I get:
>>>>>> [ Number of patterns truncated to 20 bytes: 497 ]
>>>>>> ERROR: Active response: can't open ip!
>>>>>> Fatal Error, Quitting..
>>>>>>
>>>>>> I have an IP address and I can ping myself/others and receive pings
>>>>>> with no issue.
>>>>>>
>>>>>> Please advise on what I can do to resolve this, thank you!
>>>>>>
>>>>>> --
>>>>>> Amal Saeed
>>>>>> Simmons College '17, B.S. Computer Science & Information Technology
>>>>>> Secretary, 2017 Class Council
>>>>>> Co-Vice President, Computer Science & Mathematics Liaison
>>>>>> Technology Assistant, *Simmons Technology Support Center*
>>>>>>
>> ------------------------------------------------------------
>> ------------------
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users@lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>
>


-- 
Amal Saeed
Simmons College '17, B.S. Computer Science & Information Technology
Secretary, 2017 Class Council
Co-Vice President, Computer Science & Mathematics Liaison
Technology Assistant, *Simmons Technology Support Center*
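
Added example, not written by any poster in this thread or by the Snort project: a preflight script for the three conditions raised above (root privileges for the NFQ DAQ, the directory holding daq_nfq.so, and write access to /var/log/snort/alert). The function names are hypothetical, and the candidate DAQ directories are simply the two paths mentioned in the thread.

```shell
#!/bin/sh
# Added example: preflight checks to run before `snort --daq nfq -Q`.
# Paths are the ones quoted in the thread; adjust them for your install.

# 1. The DAQ readme states that the NFQ module cannot run unprivileged.
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# 2. Print the first directory that contains daq_nfq.so; fail if none does.
#    The printed path is what you would pass to `snort --daq-dir`.
find_nfq_dir() {
    for dir in "$@"; do
        if [ -f "$dir/daq_nfq.so" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# 3. Can the current user create or append to <logdir>/alert?
#    This is the fopen() that fails with "Permission denied" in the thread.
can_write_alert() {
    logdir=$1
    alert="$logdir/alert"
    if [ -e "$alert" ]; then
        # An existing alert file must be a regular, writable file.
        [ -f "$alert" ] && [ -w "$alert" ]
    else
        # Otherwise the directory must allow creating the file.
        [ -d "$logdir" ] && [ -w "$logdir" ] && [ -x "$logdir" ]
    fi
}

# Run all three checks, report each, and return the number that failed.
# Usage: preflight <logdir> <candidate-daq-dir>...
preflight() {
    logdir=$1
    shift
    failed=0

    if is_root; then
        echo "ok:   running as root"
    else
        echo "FAIL: not root; the NFQ DAQ cannot run unprivileged"
        failed=$((failed + 1))
    fi

    if daqdir=$(find_nfq_dir "$@"); then
        echo "ok:   daq_nfq.so found; use --daq-dir $daqdir"
    else
        echo "FAIL: daq_nfq.so not found in: $*"
        failed=$((failed + 1))
    fi

    if can_write_alert "$logdir"; then
        echo "ok:   $logdir/alert is writable by $(id -un)"
    else
        echo "FAIL: cannot write $logdir/alert as $(id -un)"
        failed=$((failed + 1))
    fi

    return "$failed"
}

# Run the checks only when asked, e.g.:  sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight /var/log/snort /usr/local/lib/daq /usr/lib64/daq \
        || echo "$? check(s) failed"
fi
```

Run it as the same user that will start Snort, since both the privilege check and the alert-file check depend on the invoking account.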



["Screen Shot 2016-11-30 at 6.42.58 PM.png" (image/png)]
