ERROR - pcap open failed


Andrey Yesyev

Aug 28, 2014, 1:58:45 PM
to moloc...@googlegroups.com
Hi there!

I just managed to install and set up Moloch on my VM.
I'm trying to start it and generate some traffic on the interface Moloch listens on. But for some time now I've been getting this error in the log file.

Aug 28 09:10:22 nids.c:382 moloch_nids_output_cb(): Opening /opt/moloch/pcap/localhost-140828-00000011.pcap
Aug 28 09:10:22 nids.c:390 moloch_nids_output_cb(): ERROR - pcap open failed - Couldn't open file: '/opt/moloch/pcap/localhost-140828-00000011.pcap' with Permission denied  (13)

The file actually never showed up in this folder.
Why does it try to find it there?

There is another row in the log file

Aug 28 09:04:36 db.c:1269 moloch_db_create_file(): Creating file 11 with key >/files/file/localhost-11?refresh=true< using >{"num":11, "name":"/opt/moloch/pcap/localhost-140828-00000011.pcap", "first":1409241871, "node":"localhost", "locked":0}<

Looks like here it tries to create a file, but fails?

-Andrey

Andrey Yesyev

Aug 28, 2014, 4:36:47 PM
to moloc...@googlegroups.com
Is this group active?

Andy

Aug 28, 2014, 4:46:03 PM
to moloc...@googlegroups.com
The problem is just what it says, it couldn't open the file there to write.  Check permissions and other normal stuff.

Andy

Aug 28, 2014, 4:47:17 PM
to moloc...@googlegroups.com
probably more likely to get help on #moloch-fpc

On Thursday, August 28, 2014 4:36:47 PM UTC-4, Andrey Yesyev wrote:
Is this group active?

Andrey Yesyev

Aug 29, 2014, 9:55:00 AM
to Andy, moloc...@googlegroups.com
All permissions are set. Everything is running under root.



Andy

Aug 29, 2014, 10:05:55 AM
to moloc...@googlegroups.com, andy...@gmail.com
So you commented out dropUser in the config file and verified everything is running as root with ps? Are you writing to an NFS share that root can't write to maybe? Otherwise I have no clue.

Andrey Yesyev

Aug 29, 2014, 10:07:40 AM
to Andy, moloc...@googlegroups.com
Thanks for these tips. I'll check it out.


On 29 August 2014 10:05, Andy <andy...@gmail.com> wrote:
So you commented out dropUser in the config file and verified everything is running as root with ps? Are you writing to an NFS share that root can't write to maybe? Otherwise I have no clue.


Andrey Yesyev

Aug 29, 2014, 10:28:28 AM
to Andy, moloc...@googlegroups.com
Well, works now. I missed that part with dropUser in the config file.
Thanks again!
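
A check for the cause that resolved this thread, as an added example (not part of the original posts and not Moloch's own code): when dropUser is set, capture gives up root after start-up, so the pcap directory has to be writable by that user rather than by root. The [default] section and the pcapDir and dropGroup keys are assumed from Moloch's config.ini, the sample config is constructed, and the function names are hypothetical.

```python
import configparser
import grp
import os
import pwd
import sys

# Constructed sample; key names are assumed from Moloch's config.ini.
SAMPLE = "[default]\ndropUser=nobody\npcapDir=/opt/moloch/pcap\n"

def drop_settings(text, section="default"):
    """Return (dropUser, dropGroup, pcapDir); None if absent or commented out."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case (dropUser, not dropuser)
    cp.read_string(text)
    cfg = cp[section]
    return cfg.get("dropUser"), cfg.get("dropGroup"), cfg.get("pcapDir")

def can_create(path, uid, gids):
    """Mode-bit check only: ignores ACLs, NFS root squash and SELinux/AppArmor."""
    path = os.path.realpath(path)
    if not os.path.isdir(path):
        return False, f"{path} is not an existing directory"
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for p in reversed(chain):  # walk from / down to the pcap directory
        st = os.stat(p)
        shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
        need = 3 if p == path else 1  # wx on the target, x on each ancestor
        if (st.st_mode >> shift) & need != need:
            return False, f"uid {uid} lacks {'wx' if need == 3 else 'x'} on {p}"
    return True, f"uid {uid} can create files in {path}"

def check(text):
    """Decide whether the identity capture ends up with can write pcapDir."""
    user, group, pcap_dir = drop_settings(text)
    if not user:
        return True, "dropUser unset: capture keeps the user it was started as"
    if not pcap_dir:
        return False, "pcapDir is not set"
    pw = pwd.getpwnam(user)
    if pw.pw_uid == 0:
        return True, "dropUser is root"
    # Assumption: group identity is dropGroup if set, else the primary group.
    gids = {grp.getgrnam(group).gr_gid} if group else {pw.pw_gid}
    return can_create(pcap_dir, pw.pw_uid, gids)

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(check(text))
```

On the capture host, run it as root with the path to the live config.ini as the only argument.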