I can't seem to find the answer to this issue. A lot of topics exist for similar errors but they are all Linux based.
The issue I'm having is that when attempting to run Snort (snort.exe -v -I), it will capture nothing but I assume this is because I have not set an interface. After running snort.exe -W, I found the interface to use and specified this in the command line but I get the following error - ERROR: Can't set DAQ BPF filter to '2'.
I skipped past this error briefly to try and test Snort with -T and -c to specify the config file but it gives the following error - Missing/incorrect dynamic engine lib specifier. I located this line in the config file and changed it from /usr/local/snort_dynamicengine/libsf_engine.so to c:\Snort\lib\snort_dynamicengine\sf_engine.dll (the correct path and file name) but the error remains.
I remember installing Snort on a Windows Server 2012 deployment a couple of months back with no issues at all.
Any idea what is causing this error?
NOTE: I've also corrected the other paths i.e. rules.
Rule to Remember
Always use a proper text editor to edit config files like this, because sometimes when you copy and paste code into Notepad and edit it, extra spaces are added to the text, which increases the byte count or alters the code statements. The good thing is that some editors provide proper line numbers, so you can easily navigate to the error shown by Snort in the command prompt.
Solution
In My Scenario
due to this
this is because some spaces were added after
After Removing white space
Finally dynamic engine line should look like this to make it work
I also just had this problem, and solved it by deleting a single /
So I edited:
This "\" was wrong
I know the answer is late, but still, I just ran into this issue and I think a valid answer should be provided. Anyway, the problem is based on paths: all of the paths in the snort.conf file are relative to Linux-specific locations. So that's problem number one. The second problem comes with Snort parsing whatever path you give it in the -c option and prepending it to all the rules paths (I know, weird); this should not happen if you (and most Windows users) use absolute paths. So the solution I came up with is:
PLEASE NOTE: every single path is wrong; the following snippet only helps you advance one step. After this, you need to correct all the file paths.
In your snort.conf file (usually c:\snort\etc\snort.conf)
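Separately from the answers above, an added example (not any poster's code): a small check that scans snort.conf text for the two causes reported in this thread, whitespace left after the dynamic engine path and leftover Linux-style library paths. The function name `lint_snort_conf` is hypothetical and the sample configuration text is constructed.

```python
import re

# snort.conf directives that load shared libraries (Snort 2.x syntax).
DYNAMIC = re.compile(
    r"^\s*(dynamicengine|dynamicpreprocessor|dynamicdetection)\b(.*)$"
)


def lint_snort_conf(text):
    """Return (line_number, message) findings for dynamic-library lines."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        match = DYNAMIC.match(raw)
        if not match:
            continue  # comments and unrelated directives are skipped
        directive, rest = match.groups()
        # Invisible spaces or tabs after the path, as one answer reports.
        if rest != rest.rstrip():
            findings.append(
                (number, f"{directive}: trailing whitespace after the path")
            )
        # Drop the optional "directory"/"file" keyword to isolate the path.
        parts = rest.split()
        if parts and parts[0] in ("directory", "file"):
            parts = parts[1:]
        path = " ".join(parts)
        if not path:
            findings.append((number, f"{directive}: no path given"))
        elif path.startswith("/") or path.endswith(".so"):
            findings.append((number, f"{directive}: Linux-style path {path!r}"))
    return findings


# Constructed sample: one untouched Linux default, one Windows path with
# trailing spaces, and one clean Windows path.
SAMPLE = (
    "# constructed snort.conf fragment\n"
    "dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/\n"
    "dynamicengine c:\\Snort\\lib\\snort_dynamicengine\\sf_engine.dll   \n"
    "dynamicengine c:\\Snort\\lib\\snort_dynamicengine\\sf_engine.dll\n"
)

if __name__ == "__main__":
    for line_number, message in lint_snort_conf(SAMPLE):
        print(f"line {line_number}: {message}")
```

To check a real file, pass its contents to `lint_snort_conf` instead of `SAMPLE`; the line numbers in the findings match what an editor with line numbering shows.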