Snort IDS and omnia


I am trying to run snort.
Found this wiki
But when I try to run snort it ends with:

ERROR: Can’t find pcap DAQ!
Fatal Error, Quitting…

libpcap and libdaq is installed.
Anyone esle try to runt snort on omnia?



No progress since? noumes?


Finaly got snort working!

In config file snort.conf need set up
config daq: pcap
config daq_dir: /usr/lib/daq —because this is set only in init file so when runing snort via cmd ends error without this


Nice, do you have some results? How good is SNORT?


I have snort up and running on the Omnia with zero output or alerts. Would love to see configs if anyone has this working successfully!


Same problem got zero output from snort.
Sending log to remote syslog didnt work for me
output alert_syslog: host=IP:port, LOG_AUTH LOG_ALERT.

run snort with -l creates file but file is still empty

in syslog there is only statistic when stoping snort nothing else


I found some output… cat /var/log/messages |grep snort

2017-01-13T13:25:07-05:00 alert snort[]: [1:2006380:12] ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.XX.XXX:58396 -> 192.168…XX.XXX:80

These alerts, oddly, are not available for viewing with a simple “cat /var/log/messages” and nor are they showing up in my graylog2 instance. I only found them with: cat /var/log/messages |grep snort

A note - I also updated the snort rules using on a different host and synced them over to the turris box. I also disabled DNP and MOD processors to reduce memory consumption.


I added those 2 lines in the config.
Libdaq is installed, I verified the path.
Did you do other changes?


I got it to work, and I added output alert_fast: to my snort.conf

It writes alerts in/var/log/snort/

It doesn’t work when it runs with -s option, that is the default on /etc/init.d/snort


Awesome to see someone got it working. Be nice if you summarised the experience and how to install it and get it going as a community doc: