
To start, I am entirely new to Linux and am doing this as part of my final year project at university. I had never used Linux before a few weeks ago, and I have been hitting roadblock after roadblock trying to get Snort installed and working for 6-7 weeks now (1-4 hours a week) among my other modules.

I have a virtual machine running the latest Ubuntu release. The VM has 2 network interfaces: one is for access to the internet, and the other is going to be used to feed pcap files into with tcpreplay. This one is named intnet in the VM settings and enp0s8 in Linux. I used the commands `sudo apt install -y snort` and `snort -v -c /etc/snort/snort.conf`, which I found Here and Here respectively. I used the first link after resetting my VM for the 3rd time and could not get Snort to find LuaJIT. After this I ran `wget https://www.snort.org/downloads/community/community-rules.tar.gz -O community-rules.tar.gz` and finally `tar -xvzf community.tar.gz -C /etc/snort/rules` from the Snort website, found Here under Step 3. Note that I had to change the last command to `tar -xvzf community-rules.tar.gz -C /etc/snort/rules` to get it to work; not sure if this is a mistake on the website or on my end.

When I run Snort using `snort -v`, to run in verbose mode, there are no errors or warnings, but when I use `snort -i enp0s8` for the specific network I want to use, I get a warning that is something about no pre-processors for policy 0. This is an error I had a lot while trying to install Snort at all, let alone work with it. I have also noticed that there is a test using `snort -t` (possibly uppercase T, can't remember). I get an error regarding not using a rules file, but then when I use `snort -c` to specify community-rules I can't seem to get it to accept the rules file, although this is just because I'm assuming the test is a general test of the program; I might be wrong about that.

This is beginning to really stress me out, to the point of making this account just to see if anyone can help.

Any help is much appreciated. It is almost midnight and I will be back on tomorrow morning, so sorry if I don't reply for a while.

tl;dr: Snort is monitoring the wrong interface, using `-i` gives a pre-processor warning, `-t` says no rules file, and `-c` will not recognise the rules file.

  • tl;dr actually costs you, here on StackOverflow. –  Nov 30 '19 at 01:00
  • Costs what exactly? Should I remove it? Thanks – TheGlink Nov 30 '19 at 01:06
  • Try googling 'no pre-processors for policy 0'. –  Nov 30 '19 at 01:28
  • If you look, my second link is to my results from that Google search. This fixed the initial problem for `snort -v`, but it's still giving the warnings for other interfaces. I think it may be an issue with the configuration, but I can't find anything in it that I even understand or know where to start. Thanks for the reply – TheGlink Nov 30 '19 at 02:27
  • Stack Overflow is a site for programming and development questions. You should probably use another site on the [Stack Exchange network](https://stackexchange.com/sites) for this question. Also see [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. https://superuser.com/questions/tagged/snort. – jww Nov 30 '19 at 03:54
  • Okay, thanks. Might I ask for a suggestion as to which might be best suited? As stated, I am new to Stack Overflow, well, beyond just reading answers, so I have little experience with it. Thanks in advance – TheGlink Dec 01 '19 at 02:07
  • Did you solve the problem? I have the same issue. – blkpingu Dec 20 '19 at 13:21

0 Answers