FATAL ERROR: Can't start DAQ (-1) - pfring_open(): unable to open device 'eth1'. Please use -i <device>!
278 views
Skip to first unread message
aro...@insecure-it.com
Jun 19, 2013, 2:46:20 PM6/19/13
to meta...@googlegroups.com
Hello all,
I've installed Snort as a VM. Host OS is CentOS using KVM, Guest OS is also CentOS. I ran threw all the steps from the www.metaflows.com/technology/pf-ring/ site an all seemed to go well. That is until I try to start Snort, and I get this error.
FATAL ERROR: Can't start DAQ (-1) - pfring_open(): unable to open device 'eth1'. Please use -i <device>!
If I just use afpacket, its runs fine. Is it driver, or maybe the hardware? I also reinstalled the intel e1000 driver from the metaflows site. What else should I look at?
I've installed Snort as a VM. Host OS is CentOS using KVM, Guest OS is also CentOS. I ran threw all the steps from the www.metaflows.com/technology/pf-ring/ site an all seemed to go well. That is until I try to start Snort, and I get this error.
FATAL ERROR: Can't start DAQ (-1) - pfring_open(): unable to open device 'eth1'. Please use -i <device>!
If I just use afpacket, its runs fine. Is it driver, or maybe the hardware? I also reinstalled the intel e1000 driver from the metaflows site. What else should I look at?
Tim Covel
Jun 19, 2013, 4:14:24 PM6/19/13
to meta...@googlegroups.com
It could be related to KVM, we have not tested running inside of a KVM
environment.
after running snort and receiving the error, check /var/log/messages and
also run the 'dmesg' command to see if any errors related to pf_ring are
present, that may help to find the cause.
since it is KVM I would also check /var/log/audit on the host and the
guest if selinux is enabled, there could be some issue there.
> --
> You received this message because you are subscribed to the Google
> Groups "Metaflows" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to metaflows+...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
environment.
after running snort and receiving the error, check /var/log/messages and
also run the 'dmesg' command to see if any errors related to pf_ring are
present, that may help to find the cause.
since it is KVM I would also check /var/log/audit on the host and the
guest if selinux is enabled, there could be some issue there.
> You received this message because you are subscribed to the Google
> Groups "Metaflows" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to metaflows+...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
Reply all
Reply to author
Forward
0 new messages