@oliverbk
I experienced a similar problem as you did on 2014-10-31. For me "systemctl start snort" resulted in the error you describe. "systemctl start snort@wlan0" resulted in a file not found error.
What solved the problem for me was a simple:
cp /usr/lib/systemd/system/snort.service /usr/lib/systemd/system/snort@.service
Honestly, I am not sure whether a "mv" instead of a "cp" would not be better, as starting the service without specifying a device will always result in this error (at least according to the content of /usr/lib/systemd/system/snort.service).
Package Details: snort 3.5.0.0-1
| Git Clone URL: | https://aur.archlinux.org/snort.git (read-only) |
|---|---|
| Package Base: | snort |
| Description: | A lightweight network IDS/IPS with OpenAppID support. |
| Upstream URL: | https://www.snort.org |
| Licenses: | GPL |
| Submitter: | Snowman |
| Maintainer: | robertfoster |
| Last Packager: | robertfoster |
| Votes: | 65 |
| Popularity: | 0.030460 |
| First Submitted: | 2012-11-16 17:33 (UTC) |
| Last Updated: | 2024-10-30 11:32 (UTC) |
Dependencies (17)
- gperftools (gperftools-git [AUR])
- hwloc
- hyperscan (hyperscan-git [AUR])
- libdaq [AUR] (libdaq-static [AUR])
- libdnet (libdnet-git [AUR])
- libmnl (libmnl-git [AUR])
- libpcap (libpcap-git [AUR])
- libunwind (libunwind-carbon [AUR], libunwind-git [AUR])
- luajit (luajit-2.1-lua52-git [AUR], luajit-git [AUR], luajit-openresty [AUR])
- lz4 (lz4-git [AUR])
- openssl (openssl-git [AUR], openssl-static [AUR])
- pcre
- pulledpork [AUR]
- xz (xz-git [AUR])
- zlib (zlib-ng-compat-git [AUR], zlib-git [AUR], zlib-ng-compat)
- cmake (cmake-git [AUR]) (make)
- pkgconf (pkgconf-git [AUR]) (make)
Required by (5)
- barnyard2 (optional)
- oinkmaster
- pulledpork (optional)
- sguil-sensor (optional)
- snort3-extra
Latest Comments
meAtArch commented on 2014-11-15 15:50 (UTC)
olivervbk commented on 2014-11-02 22:16 (UTC)
Had to create the default snort.conf directory:
/usr/lib/snort_dynamicrules
Snort error:
ERROR: /etc/snort/snort.conf(253) Could not stat dynamic module path "/usr/lib/snort_dynamicrules": No such file or directory.
olivervbk commented on 2014-10-31 02:11 (UTC)
Can't get snort@wlan0 to work. Anyone know the problem?
[oliver@hecatonchires snort]$ sudo systemctl start snort@wlan0
Failed to start snort@wlan0.service: Unit snort@wlan0.service failed to load: No such file or directory.
[oliver@hecatonchires snort]$ sudo systemctl start snort
Job for snort.service failed. See 'systemctl status snort.service' and 'journalctl -xn' for details.
[oliver@hecatonchires snort]$ systemctl status snort.service
● snort.service - Snort IDS system listening on '%I'
Loaded: loaded (/usr/lib/systemd/system/snort.service; disabled)
Active: failed (Result: resources)
Oct 31 00:05:03 hecatonchires systemd[1]: Stopped Snort IDS system listening on '%I'.
Oct 31 00:05:05 hecatonchires systemd[1]: Starting Snort IDS system listening on '%I'...
Oct 31 00:05:05 hecatonchires systemd[1]: snort.service failed to run 'start-pre' task: Operation not supported
Oct 31 00:05:05 hecatonchires systemd[1]: Failed to start Snort IDS system listening on '%I'.
Oct 31 00:05:49 hecatonchires systemd[1]: Starting Snort IDS system listening on '%I'...
Oct 31 00:05:49 hecatonchires systemd[1]: snort.service failed to run 'start-pre' task: Operation not supported
Oct 31 00:05:49 hecatonchires systemd[1]: Failed to start Snort IDS system listening on '%I'.
Oct 31 00:09:08 hecatonchires systemd[1]: Starting Snort IDS system listening on '%I'...
Oct 31 00:09:08 hecatonchires systemd[1]: snort.service failed to run 'start-pre' task: Operation not supported
Oct 31 00:09:08 hecatonchires systemd[1]: Failed to start Snort IDS system listening on '%I'.
[oliver@hecatonchires snort]$
This works:
sudo snort --daq-dir /usr/lib/daq/ -i wlan0
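The status output above shows a unit named snort.service whose Description still contains the instance specifier '%I'. As an added example (not part of the AUR package or of any comment), this shell check flags unit files that reference %i or %I but are not installed under a template name; the sample unit contents are constructed, and the ExecStart lines are assumptions, not the package's real snort.service.

```shell
#!/bin/sh
# Added example: flag unit files that use the instance specifiers %i / %I
# but are not installed under a template name (name@.service).

# Print every *.service file in directory $1 whose name has no '@'
# but whose directives reference %i or %I.
find_misnamed_templates() {
    dir=$1
    for unit in "$dir"/*.service; do
        [ -f "$unit" ] || continue
        case ${unit##*/} in
            *@*) continue ;;    # template or instance name: specifiers are valid
        esac
        # Ignore comment lines and the escaped literal "%%" before matching.
        if sed -e '/^[[:space:]]*[#;]/d' -e 's/%%//g' "$unit" | grep -q '%[iI]'; then
            printf '%s\n' "$unit"
        fi
    done
}

# Write constructed sample units into directory $1. The Description line is
# the one shown in the status output; ExecStart lines are assumptions.
make_sample_units() {
    cat > "$1/snort.service" <<'EOF'
[Unit]
Description=Snort IDS system listening on '%I'
[Service]
ExecStart=/usr/bin/snort --daq-dir /usr/lib/daq/ -i %I
EOF
    cp "$1/snort.service" "$1/snort@.service"
    cat > "$1/plain.service" <<'EOF'
[Service]
# %i in a comment and an escaped %%i must not be flagged
ExecStart=/usr/bin/printf '%%i\n' 1
EOF
}

sample=$(mktemp -d)
make_sample_units "$sample"
find_misnamed_templates "$sample"    # prints only .../snort.service
rm -rf "$sample"
```

On a real system the function can be pointed at /usr/lib/systemd/system to list units that need an '@' in their file name before `systemctl start name@device` can load them.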
olivervbk commented on 2014-10-31 01:41 (UTC)
emerging.rules.tar.gz md5sum changed to 52fb27a0b8151cc2b906fd58ce12fb46
cosmicnut commented on 2014-07-20 10:30 (UTC)
this package is a little broken.
snort have changed their site layout so you need to change PKGBUILD to the source location
source=("http://www.snort.org/downloads/snort/${pkgname}-${pkgver}.tar.gz" "http://rules.emergingthreats.net/open/${pkgname}-2.9.0/emerging.rules.ta$
'snort.service')
The change seems to be at the latest build so you need to up the version to 2.9.6.2 with the MD5 of 2a0e89a48260e45f932af94c0ebb330e
no other versions seem to be on line
malosasha commented on 2014-05-12 13:05 (UTC)
Hi, the snort installation is broken: the emerging rules have been updated upstream and the md5 needs to be edited from f25631a4942d7e0bb9937c883f42e87a to b0116a4ddfa92afb759d92c14f13dd20
lakechfoma commented on 2014-02-22 17:50 (UTC)
GI_Jack, I am not sure of the exact cause of the problem, but I do know you can specify the directory explicitly when you run snort, like so:
snort -v --daq-dir /usr/lib/daq
GI_Jack commented on 2014-02-21 00:52 (UTC)
ugg
# snort -v
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
ERROR: Can't find pcap DAQ!
Fatal Error, Quitting..
#strace snort -v
....
open("/dev/usbmon1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/1t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/1t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/2t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/2t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon3", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/3t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/3t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon4", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/4t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/4t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/dev/usbmon5", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/usbmon/5t", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usbmon/5t", O_RDONLY) = -1 ENOENT (No such file or directory)
...
# snort --daq-list
No available DAQ modules (try adding directories with --daq-dir).
# ls -l /usr/lib/daq
total 60
-rwxr-xr-x 1 root root 18664 Dec 22 15:56 daq_afpacket.so
-rwxr-xr-x 1 root root 10488 Dec 22 15:56 daq_dump.so
-rwxr-xr-x 1 root root 10520 Dec 22 15:56 daq_ipfw.so
-rwxr-xr-x 1 root root 14560 Dec 22 15:56 daq_pcap.so
any clue?