LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-24-2018, 11:04 PM   #1
aini
LQ Newbie
 
Registered: Jul 2018
Posts: 3

Rep: Reputation: Disabled
Help me !! Snort: ERROR: Can't start DAQ (-1) - socket: Operation not permitted!


hi i'm using snort version 2.9.11.1 ,

i can't run my snort log by using this command

ubuntu@ubuntu-16:/etc$ snort -A console -q -c /etc/snort/snort.conf -i ens3

ERROR: Can't start DAQ (-1) - socket: Operation not permitted! Fatal Error, Quitting..

Can someone suggest the best solution to this problem?
 
Old 07-25-2018, 12:37 AM   #2
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015
Hi aini,

Welcome!

You have to start it as root and then drop permissions using the -u and -g switches. The user that starts snort needs to open a socket.
 
1 members found this post helpful.
Old 07-25-2018, 01:59 AM   #3
aini
LQ Newbie
 
Registered: Jul 2018
Posts: 3

Original Poster
Rep: Reputation: Disabled
hi Awesomemachine,
thanks for your suggestion.

i'm really sorry i don't understand, can u briefly describe about it?
 
Old 07-27-2018, 06:59 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Rep: Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946
Quote:
Originally Posted by aini View Post
hi Awesomemachine,
thanks for your suggestion. i'm really sorry i don't understand, can u briefly describe about it?
If you don't understand what the root user is, or how/why to use it, how are you able to install Snort?? Are you not the administrator?

You run "sudo <whatever command>" to execute it with root permissions. Or you run "su - root", enter the root password, and start whatever you want.
 
Old 07-27-2018, 07:49 PM   #5
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015
If you don't understand my post, you'll need to familiarize yourself with the snort man page.
 
Old 07-31-2018, 11:44 AM   #6
aini
LQ Newbie
 
Registered: Jul 2018
Posts: 3

Original Poster
Rep: Reputation: Disabled
Hi Awesomemachine and TBOne,

i've got it. I reinstall snort as root and i run my snort using this command,

sudo snort -A console -i ens3 -u snort -g snort -c /etc/snort/snort.conf

so now my snort can work properly.

Thanks for you help .
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Snort: ERROR: Can't start DAQ (-1) - socket: Operation not permitted! OtagoHarbour Linux - Newbie 4 10-26-2013 09:13 AM
Error creating directory: Operation not permitted alirezaimi Linux - Newbie 16 04-02-2013 10:51 AM
FAT32 error operation not permitted Maverick1182 Mandriva 5 06-23-2006 02:09 AM
mknod gives Operation Not Permitted error choobad Linux - Software 2 07-13-2004 06:46 AM
Type Read: Operation Not Permitted Error Snabber Linux - Newbie 5 06-05-2003 09:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 04:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration