da667 / Autosnort

Repo for autosnort scripts.
MIT License

FATAL ERROR: pcap DAQ does not support inline. #49

Closed 0x7fff9 closed 7 years ago

0x7fff9 commented 7 years ago

Hello and happy new year!! First, I'd like to thank you for Autosnort and also the amazing work you do for learners like me!

I am facing an issue when running Snort inline. Before this I had many issues that I could find and fix, like changing 148 mysql -uroot -p$snort_mysql_pass to 148 mysql -usnort -p$snort_mysql_pass in autosguil-ubuntu.sh, and some more caused just by my own capabilities to damage stuff :)

Now, with everything looking good at this step (blahg/?p=437), I am getting an error for inline operation on Snort.

FATAL ERROR: pcap DAQ does not support inline.

Reading around, I noticed the error is related to the need to use DAQ instead of pcap; however, DAQ is declared in the command given in /etc/init.d/snortbarn, so I am completely lost on what's wrong.

If I run Snort without -Q everything works OK, so I am assuming something related to inline is failing.

Installed modules:

    root@malware-ids001:/home/gg/git/Autosnort/Autosnort - Ubuntu# /opt/snort/bin/snort --daq-list
    Available DAQ modules:
    pcap(v3): readback live multi unpriv
    nfq(v7): live inline multi
    ipfw(v3): live inline multi unpriv
    dump(v3): readback live inline multi unpriv
    afpacket(v5): live inline multi unpriv

System specs:

    root@malware-ids001:/home/gg/git/Autosnort/Autosnort - Ubuntu# uname -ropi
    3.13.0-106-generic x86_64 x86_64 GNU/Linux

It's running on VirtualBox on a MacBook Pro 16GB.

Thanks!

Cheers.

0x7fff9 commented 7 years ago

Hello!! After some more hours of troubleshooting I am able to daemonize Snort!! Is it OK like this?

    snort 1636 1 0 14:14 ? 00:00:00 /opt/snort/bin/snort -D -u snort -g snort -c /opt/snort/etc/snort.conf -i eth0:eth1 --daq afpacket -Q

Aren't -Q and -daq-mode inline referring to the same thing? By disabling -daq-mode inline it works.

Cheers!!
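
An added example, not part of the original thread or of Autosnort: a preflight check that reads the `--daq-list` capabilities quoted above and reports whether a given Snort command line can start inline. The function names `daq_supports_inline` and `check_cmdline` are hypothetical; the check assumes Snort 2.9.x, where pcap is the DAQ used when `--daq` is not given and afpacket needs an interface pair for inline operation.

```shell
#!/bin/sh
# Added example: preflight a Snort 2.9.x command line before starting it inline.
# DAQ_LIST is the --daq-list output quoted in the issue; on a sensor use
#   DAQ_LIST=$(/opt/snort/bin/snort --daq-list)
DAQ_LIST='Available DAQ modules:
pcap(v3): readback live multi unpriv
nfq(v7): live inline multi
ipfw(v3): live inline multi unpriv
dump(v3): readback live inline multi unpriv
afpacket(v5): live inline multi unpriv'

# daq_supports_inline MODULE -> exit 0 if MODULE lists the "inline" capability
daq_supports_inline() {
    printf '%s\n' "$DAQ_LIST" | awk -v m="$1" '
        { name = $1; sub(/\(.*/, "", name) }      # "afpacket(v5):" -> "afpacket"
        name == m { for (i = 2; i <= NF; i++) if ($i == "inline") found = 1 }
        END { exit !found }'
}

# check_cmdline ARGS... -> prints a verdict; exit 0 if this combination can start
check_cmdline() {
    daq=pcap inline=no iface= prev=    # pcap is what Snort uses without --daq
    for arg in "$@"; do
        case $prev in
            --daq)      daq=$arg ;;
            --daq-mode) if [ "$arg" = inline ]; then inline=yes; fi ;;
            -i)         iface=$arg ;;
        esac
        if [ "$arg" = -Q ]; then inline=yes; fi
        prev=$arg
    done
    if [ "$inline" = no ]; then echo "ok: passive mode with $daq"; return 0; fi
    if ! daq_supports_inline "$daq"; then
        echo "fail: $daq DAQ does not support inline"; return 1
    fi
    # afpacket bridges interface pairs when inline, e.g. eth0:eth1
    if [ "$daq" = afpacket ]; then
        case $iface in
            ?*:?*) ;;
            *) echo "fail: afpacket inline needs an interface pair"; return 1 ;;
        esac
    fi
    echo "ok: inline mode with $daq on $iface"
}
```

Pass the arguments from the init script to `check_cmdline` exactly as they would be handed to Snort; a non-zero exit means the daemon would refuse to start with that DAQ and mode.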