Open
Description
I did configure a cron job for downloading the latest rules.
On the ip-block-list I get an Error.
"can't set DAQ BPF filter to '/etc/snort/rules/iplists 1361' (pcap_daq_set_filter: pcap_compile: can't parse filter expression: syntax error! Fatal error, Quitting.."
Seems the app tries set the daq filter on the "IPRVersion.dat" file, and I don't know if all is downloaded and configured well, after this error.
I did check the daq setting in snort. I use snort as IDS. Default seems to be "daq-pcap-passive" as it seems I can't change much there.
- OS is Debian-11 as virtual machine
- snort 2.9.15.1 GRE (Build 15125) (installed with apt-get) , libpcap 1.10.0 (TPACKET_V3) , PCRE 8.39 2016-06-14, ZLIB 1.2.11
- pulledpork v0.7.4
How could the error be solved ?
Thank you
Metadata
Metadata
Assignees
Labels
No labels