This is a discussion on [Snort-users] FreeBSD 5.3 OpenPcap() FSM compilation failed: within the Snort forums, part of the System Security and Security Related category.
I am running FreeBSD 5.3 and port installation of snort 2.1.3.
It seems to run OK with default startup script in /usr/local/etc/rc.d/snort.sh
But when I try to run with option -F bpf support it failed.

It runs OK with the following:
/usr/local/bin/snort -c /usr/local/etc/snort.conf -i em1

But when I try to add -F bpf support, it failed:
/usr/local/bin/snort -c /usr/local/etc/snort.conf -i em1 -F /usr/local/share/snort/filters.bpf

Below is the error I got:

wa05sp# /usr/local/bin/snort -c /usr/local/etc/snort.conf -i em1 -F /usr/local/share/snort/filters.bpf
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface em1
OpenPcap() device em1 network lookup:
    em1: no IPv4 address assigned
ERROR: OpenPcap() FSM compilation failed:
    syntax error
PCAP command: not dst host 224.0.0.13
not dst host 224.0.16.171
not dst host 237.168.2.151

Fatal Error, Quitting..

wa05sp# less /usr/local/share/snort/filters.bpf
not dst host 224.0.0.13
not dst host 224.0.16.171
not dst host 237.168.2.151
/usr/local/share/snort/filters.bpf (END)

This is a Dell PowerEdge 2850 with 2 Gig built in network ports

Thanks for your help
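Added example, not part of the original post and not Snort code: the posted filters.bpf puts three primitives on separate lines with no and/or between them, and in pcap filter syntax a newline is only whitespace, which is consistent with the "syntax error" in the output above. The Python sketch below flags such lines and inserts "and" between them (an assumption about intent: drop traffic to all three destinations). The function names are hypothetical and the check assumes one complete primitive per line, as in the posted file.

```python
# Tokens that join two primitives in pcap filter syntax.
CONNECTIVES = {"and", "or", "&&", "||"}
# Tokens that leave an expression open at the end of a line.
OPENERS = {"not", "!"}

# Constructed sample: the three lines of filters.bpf as shown in the post.
POSTED_FILTER = """\
not dst host 224.0.0.13
not dst host 224.0.16.171
not dst host 237.168.2.151
"""

def _joined(prev, words):
    """True if the line break between prev and words is already bridged."""
    last, first = prev[-1].lower(), words[0].lower()
    return (last in CONNECTIVES or last in OPENERS or last.endswith("(")
            or first in CONNECTIVES or first.startswith(")"))

def missing_connectives(text):
    """Return (line_no, line) for each line that follows another without and/or.

    Heuristic: assumes each non-empty line holds one complete primitive.
    """
    problems, prev = [], None
    for no, raw in enumerate(text.splitlines(), start=1):
        words = raw.split()
        if not words:
            continue  # blank lines are just whitespace to the filter compiler
        if prev is not None and not _joined(prev, words):
            problems.append((no, " ".join(words)))
        prev = words
    return problems

def repair(text):
    """Return a one-line expression with 'and' inserted where it is missing.

    'and' is an assumption about intent; 'not' binds tighter than 'and',
    so each negated host test stays its own term.
    """
    out, prev = [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if prev is not None and not _joined(prev, words):
            out.append("and")
        out.extend(words)
        prev = words
    return " ".join(out)

if __name__ == "__main__":
    for no, line in missing_connectives(POSTED_FILTER):
        print("line %d starts a new primitive without and/or: %s" % (no, line))
    print(repair(POSTED_FILTER))
```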