-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
I realize this might be off-topic for this list, and so I apologize in advance if there is a PF_RING specific group I haven't located yet...If I should be posting elsewhere, please do let me know...Thanks... I've compiled and installed PF_RING and snort with DAQ, but am unable to get snort to start, due to the following error: /usr/local/bin/snort -D -c /etc/snort/snort_eth3.conf -l /nsm/memfs --daq-dir /usr/local/lib/daq --daq pfring -i eth3 - --daq-var bindcpu=4 <snip> Apr 13 14:22:52 sensor snort[26639]: FATAL ERROR: Can't start DAQ (-1) - pfring_open(): unable to open device 'eth3'. Please use -i <device>! Can anyone give me any pointers on how to debug this, or if I'm approaching this in an incorrect fashion? Thanks! I am using: # cat /etc/modprobe.d/pf_ring.conf options pf_ring transparent_mode=2 enable_tx_capture=0 enable_ip_defrag=0 # cat /proc/net/pf_ring/info PF_RING Version : 4.6.3 ($Revision: 4539$) Ring slots : 4096 Slot version : 13 Capture TX : No [RX only] IP Defragment : No Transparent mode : No (mode 2) Total rings : 0 Total plugins : 0 DAQ built with: $ ./configure --with-libpfring-includes=/usr/local/include --with-libpfring-libraries=/usr/local/lib - --with-libpcap-includes=/usr/local/include --with-libpcap-libraries=/usr/local/lib --enable-pfring-module=yes #snort -V ,,_ -*> Snort! <*- o" )~ Version 2.9.0.4 (Build 111) '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team Copyright (C) 1998-2011 Sourcefire, Inc., et al. Using libpcap version 1.1.1 Using PCRE version: 6.6 06-Feb-2006 Using ZLIB version: 1.2.3 Snort built with: $ ./configure --enable-reload --enable-perfprofiling --enable-zlib --with-libpfring-includes=/usr/local/include - --with-libpfring-libraries=/usr/local/lib --with-daq-includes=/usr/local/include -with-daq-libraries=/usr/local/lib/daq - -- Jesse Bowling _______________________________________ Incident Response Manager |~~| Office of Information Security |\/| University of Georgia |^^| (706) 542-2127 |/\| jesseb at uga dot edu |~~| - ---------------------------------------- No matter that we may mount on stilts, we still must walk on our own legs. And on the highest throne in the world, we still sit only on our own bottom. -Michel de Montaigne -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org/ iEYEARECAAYFAk2l7rcACgkQ5E4CHL/YJ2oQwACfX3mdlseFCE21SiVoxyqlAhGz aIUAn1baOvk8xgLEMjetGRvLDhR3XfdB =Yoor -----END PGP SIGNATURE----- _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
