• Support
  • Forums
  • Blogs
A New Community Experience is Coming! For more information, please see our announcement.

SNORT fails to start - fatal error

JosephJoseph

Entry Level
I'm still in the process of getting the platform fully configured and have moved on from other configurations to SNORT. I noticed that SNORT was not in the list of running processes though the snortunified plugin is enabled and visible in the dashboard. I ran dpkg-reconfigure snort and walked through configuring the interface and networks to monitor. Afterwards executed ossim-reconfig, then attempted to start snort. This is the outcome... Any help is appreciated.

Currently running OSSIM v4.1.1

alienvault:/etc/snort# /etc/init.d/snort restart
Starting Network Intrusion Detection System : snort (eth0 using /etc/snort/snort.eth0.conf ...ERROR: failed (check /var/log/daemon.log, /var/log/syslog and /var/log/snort/)) failed!
alienvault:/etc/snort# tail /var/log/syslog
Dec 20 11:19:21 alienvault snort[1944]: |   Patterns        : 0.49
Dec 20 11:19:21 alienvault snort[1944]: |   Match Lists     : 1.01
Dec 20 11:19:21 alienvault snort[1944]: |   DFA
Dec 20 11:19:21 alienvault snort[1944]: |     1 byte states : 0.96
Dec 20 11:19:21 alienvault snort[1944]: |     2 byte states : 18.82
Dec 20 11:19:21 alienvault snort[1944]: |     4 byte states : 0.00
Dec 20 11:19:21 alienvault snort[1944]: +----------------------------------------------------------------
Dec 20 11:19:21 alienvault snort[1944]: [ Number of patterns truncated to 20 bytes: 1332 ]
Dec 20 11:19:21 alienvault snort[1944]: pfring DAQ configured to passive.
Dec 20 11:19:21 alienvault snort[1944]: FATAL ERROR: Can't initialize DAQ pfring (-1) -

Share post:

This discussion has been closed.