Help me !! Snort: ERROR: Can't start DAQ (-1) - socket: Operation not permitted!
 

hi i'm using snort version 2.9.11.1 ,

i can't run my snort log by using this command

ubuntu@ubuntu-16:/etc$ snort -A console -q -c /etc/snort/snort.conf -i ens3

ERROR: Can't start DAQ (-1) - socket: Operation not permitted! Fatal Error, Quitting..

Can someone suggest the best solution to this problem?

Hi aini,

Welcome!

You have to start it as root and then drop permissions using the -u and -g switches. The user that starts snort needs to open a socket.

hi Awesomemachine,
thanks for your suggestion.

i'm really sorry i don't understand, can u briefly describe about it?

If you don't understand what the root user is, or how/why to use it, how are you able to install Snort?? Are you not the administrator?

You run "sudo <whatever command>" to execute it with root permissions. Or you run "su - root", enter the root password, and start whatever you want.

If you don't understand my post, you'll need to familiarize yourself with the snort man page.

Hi Awesomemachine and TBOne,

i've got it. I reinstall snort as root and i run my snort using this command,

sudo snort -A console -i ens3 -u snort -g snort -c /etc/snort/snort.conf

so now my snort can work properly.

Thanks for you help .