Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: @barnyard2 error

From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 11 Jul 2013 04:50:47 -0400
On 7/11/2013 04:19, anagha b wrote:

Hi all


At the time of install i installed snort for user anagha.
If i run snort as root then snort starts packet processing but if i try to run
snort other than root [as anagh]i get following error
anagha@ubuntu~$  snort -c /srv/cloud/one/snort-2.9.4.6/etc/snort.conf -i eth0
Initializing Output Plugins!
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
ERROR: Can't start DAQ (-1) - socket: Operation not permitted!
Fatal Error, Quitting..


why can't you start snort as root and let it switch users? IIRC -u and -g

ie: snort -c /etc/snort.conf -D -u snort -g snort -d -e -A Full -i eth0

the above runs snort as user snort and group snort...


I tried to start barnyard when*snort is running with root* but i configured
databases access for specific user[I set this user for snort already] for
barnyard  i am getting error for barnyard when i run snort as root.


the user that snort runs as has nothing to do with the user that barnyard2 runs 
as... as long as barnyard2 can access the snort unified2 output file(s) and the 
database, then barnyard2 should be able to do its job...


barnyard2 -c /srv/cloud/one/barnyard2-2-1.13/etc/barnyard2.conf -f snort.u2 -w
/var/log/snort/barnyard2.waldo

error:Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/snort/
INFO database: Defaulting Reconnect/Transaction Error limit to 10
INFO database: Defaulting Reconnect sleep time to 5 second
database mysql_error: Access denied for user 'root'@'localhost' (using password:
YES)
Barnyard2 exiting
database: Closing connection to database "db"


have you given that user the rights to access the database?

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: