Problem with IPS (snorby, barnyard2, snort, mysql)

Started by tecasoft, 28 February 2018, 11:11 AM


tecasoft

Hi everyone, I have the following problem with IPS (snorby, barnyard2, snort, mysql).

In /var/log/snort/ I have this; it seems it isn't logging any events:
Code:

-rw-r--r--  1 root  adm      0 feb 28 07:43 alert
-rw-r--r--  1 snort snort    0 feb 28 03:01 barnyard2.waldo
-rw-r-----  1 snort snort    0 feb 28 05:41 snort.log
-rw-------  1 root  adm      0 feb 28 07:46 snort.log.1519800367
-rw-------  1 root  adm      0 feb 28 07:48 snort.log.1519800516
-rw-------  1 root  adm      0 feb 28 07:52 snort.log.1519800741
-rw-------  1 root  adm      0 feb 28 09:32 snort.log.1519806731
-rw-------  1 root  adm      0 feb 28 09:56 snort.log.1519808201
-rw-------  1 snort adm      0 feb 28 10:03 snort.log.1519808582
-rw-------  1 snort adm      0 feb 28 10:25 snort.log.1519809913
-rw-------  1 snort adm      0 feb 28 10:27 snort.log.1519810021
-rw-------  1 snort adm      0 feb 28 10:29 snort.log.1519810149




If I run /etc/init.d/snort restart it fails, so I run journalctl -xe and it gives me the following:
Code:

journalctl -xe
feb 28 11:07:55 servidor1 snort[19035]: |     1 byte states : 1.02
feb 28 11:07:55 servidor1 snort[19035]: |     2 byte states : 14.05
feb 28 11:07:55 servidor1 snort[19035]: |     4 byte states : 0.00
feb 28 11:07:55 servidor1 snort[19035]: +----------------------------------------------------------------
feb 28 11:07:55 servidor1 snort[19035]: [ Number of patterns truncated to 20 bytes: 1039 ]
feb 28 11:07:55 servidor1 snort[19035]: afpacket DAQ configured to inline.
feb 28 11:07:55 servidor1 snort[19035]: FATAL ERROR: Can't initialize DAQ afpacket (-1) - afpacket_daq_initialize: Invalid interface specification: '
feb 28 11:07:55 servidor1 snort[19027]: Starting Network Intrusion Detection System : snort (enp3s0 using /etc/snort/snort.conf ...ERROR: failed (che
feb 28 11:07:55 servidor1 systemd[1]: snort.service: Control process exited, code=exited status=1
feb 28 11:07:55 servidor1 systemd[1]: Failed to start LSB: Lightweight network intrusion detection system.
-- Subject: Unit snort.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit snort.service has failed.
--
-- The result is failed.
feb 28 11:07:55 servidor1 systemd[1]: snort.service: Unit entered failed state.
feb 28 11:07:55 servidor1 systemd[1]: snort.service: Failed with result 'exit-code'.

http://www.tecasoft.com An ethical hacking ninja: programming in html5, css3, javascript, jquery, php, python, c/c++, assembly, reverse engineering, security audits, pentesting, exploits
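
The journal above shows `afpacket DAQ configured to inline` immediately before `Invalid interface specification`, while the init script starts snort on the single interface `enp3s0`. The afpacket DAQ module takes inline interfaces as pairs (`eth0:eth1`, with further pairs joined by `::`), so the check below, an added example that is not part of the original post, validates an interface string for a given mode before snort is restarted. The function name `check_afpacket_spec` and the second interface `enp4s0` are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the interface string handed to Snort's
# afpacket DAQ (snort -i <spec>). Names here are hypothetical, not Snort's own.

# check_afpacket_spec MODE SPEC
#   MODE: passive | inline      SPEC: e.g. "enp3s0" or "eth0:eth1"
# Prints a verdict and returns 0 when the spec is acceptable for that mode.
check_afpacket_spec() {
    mode=$1 spec=$2 count=0
    case $spec in
        ''|:*|*:) echo "invalid: empty spec or leading/trailing ':'"; return 1 ;;
    esac
    if [ "$mode" = passive ]; then
        case $spec in
            *::*) echo "invalid: '::' only separates inline pairs"; return 1 ;;
        esac
    fi
    # Split on ':' and count the non-empty interface names.
    old_ifs=$IFS; IFS=:; set -f
    for name in $spec; do
        [ -n "$name" ] || continue
        if [ "${#name}" -gt 15 ]; then      # Linux interface names are at most 15 chars
            IFS=$old_ifs; set +f
            echo "invalid: interface name '$name' is too long"; return 1
        fi
        count=$((count + 1))
    done
    IFS=$old_ifs; set +f
    # Inline mode bridges interfaces two at a time; an unpaired one is an error.
    if [ "$mode" = inline ] && [ $((count % 2)) -ne 0 ]; then
        echo "invalid: inline mode bridges interfaces in pairs (got $count)"
        return 1
    fi
    echo "ok: $count interface(s) for $mode mode"
}

# The case in the log above: inline afpacket with the lone interface enp3s0.
check_afpacket_spec inline enp3s0 || true
# Same DAQ mode with a pair; enp4s0 is a constructed second NIC name.
check_afpacket_spec inline enp3s0:enp4s0 || true
# Passive (IDS) mode accepts the single interface.
check_afpacket_spec passive enp3s0 || true
```

The check only validates the shape of the string; it does not confirm that the named interfaces exist on the host.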