Snort mailing list archives
Snort++ Build 239
From: Jim Campbell <jim () w4bqp net>
Date: Thu, 24 Aug 2017 14:27:47 -0400
I installed the latest release of Snort++ (Version 3.0.0 (Build 239) from 2.9.8-383) and am having problems.
If I run the following from the command line it runs well and outputs to the unified2 file:
" sudo /opt/snort/bin/snort -Q -c /opt/snort/etc/snort/snort.lua --daq afpacket -i enp1s0:enp4s0 -u snort -g snort --plugin-path /opt/snort/lib/snort_extra -l /var/log/snort -A unified2"
Note: The pointer to the Rules file is included in the configuration file.

However, if I attempt to run Snort as a Service with essentially the same command line it fails. Following is the pertinent part of the systemd file:

[Service]
# Type=simple
# root needed for nfq inline
User=root
Group=snort
Environment=LUA_PATH=/opt/snort/include/snort/lua/?.lua
Environment=SNORT_LUA_PATH=/opt/snort/etc/snort
ExecStart=/opt/snort/bin/snort -Q -c /opt/snort/etc/snort/snort.lua -u snort -g snort --daq afpacket -i enp1s0:enp4s0 --plugin-path /opt/snort/lib/snort_extra -l /var/log/snort -A unified2

Following is the pertinent portion of the output from "systemctl status snort":

jim@jim-IPS:~$ systemctl status snort
● snort.service - Snort NIPS 3 Daemon
   Loaded: loaded (/lib/systemd/system/snort.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2017-08-24 13:53:54 EDT; 7s ago
  Process: 18527 ExecStart=/opt/snort/bin/snort -Q -q -c /opt/snort/etc/snort/snort.lua -u snort -g snort --daq afpacket -i enp1s0:enp4s0 --plugin-path /opt/snort/lib/snort_extra -l /var/log/snort -A unified2 (code=exited, status=1/FAILURE)
 Main PID: 18527 (code=exited, status=1/FAILURE)

Aug 24 13:53:49 jim-IPS systemd[1]: Started Snort NIPS 3 Daemon.
Aug 24 13:53:54 jim-IPS snort[18527]: ERROR: Can not initgroups(snort,-1)
Aug 24 13:53:54 jim-IPS snort[18527]: FATAL: see prior 1 errors (0 warnings)
Aug 24 13:53:54 jim-IPS snort[18527]: Fatal Error, Quitting..

Thanks,
Jim Campbell
--
"We are not human beings having a spiritual experience; we are spiritual beings having a human experience." ---Pierre Teilhard de Chardin