When the interface is not eth0. We need to alter the installation snort configuration.
Error:--------------------------------------
#snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i venet0
FATAL ERROR: Cannot decode data link type 113 --------------------------------------
We need skip the decoders by using "--enable-non-ether-decoders" during configuration will solve the issue.
--------------------------------------------
cd ~/snort_src
wget
https://snort.org/downloads/snort/snort-2.9.8.0.tar.gztar -xvzf snort-2.9.8.0.tar.gz
cd snort-2.9.8.0
./configure --enable-sourcefire --enable-non-ether-decodersmake
sudo make install
----------------------------------------------
That it
