Snort mailing list archives
Re: Minor notes snort-3.0.0-a1
From: Y M <snort () outlook com>
Date: Sat, 13 Dec 2014 12:33:25 +0000
From: rucombs () cisco com
To: snort () outlook com
CC: snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
Date: Sat, 13 Dec 2014 12:27:52 +0000

From: Y M [snort () outlook com]
Sent: Saturday, December 13, 2014 7:22 AM
To: Russ Combs (rucombs)
Cc: snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1

Inline please.

From: rucombs () cisco com
To: snort () outlook com; snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
Date: Sat, 13 Dec 2014 12:02:08 +0000

Thanks for the report. Comments below.

From: Y M [snort () outlook com]
Sent: Saturday, December 13, 2014 4:28 AM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] Minor notes snort-3.0.0-a1

1. Difference in performance profiling configuration option when building snort with cmake vs. autotools:

   cmake accepts enable-perfprofiling but not enable-perf-profiling
   autotools accepts enable-perf-profiling but not enable-perfprofiling

* We will get cmake updated to match auto tools here.

-- Awesome, thanks.

2. When running snort, a fatal error may be generated:

   FATAL: can't init /usr/local/snort/etc/snort.lua: /usr/local/snort/etc/snort.lua:22: module 'snort_config' not found:
       no field package.preload['snort_config']
       no file './snort_config.lua'
       no file '/usr/local/share/luajit-2.0.3/snort_config.lua'
       no file '/usr/local/share/lua/5.1/snort_config.lua'
       no file '/usr/local/share/lua/5.1/snort_config/init.lua'
       no file './snort_config.so'
       no file '/usr/local/lib/lua/5.1/snort_config.so'
       no file '/usr/local/lib/lua/5.1/loadall.so'
   Fatal Error, Quitting..

   snort_config.lua is not copied to /etc when installing snort. Manually copying snort_config.lua to /etc fixes the issue.

* Did you export LUA_PATH to point to the directory where snort_config.lua is installed? LUA_PATH is for required files, i.e. files loaded by LuaJIT automatically, whereas SNORT_LUA_PATH is for Snort configuration include paths. The two are distinct and must be set correctly.

-- Yes:

   dev@snortalpha:~$ echo $LUA_PATH
   /usr/local/snort/include/snort/lua/?.lua;;
   dev@snortalpha:~$ echo $SNORT_LUA_PATH
   /usr/local/snort/etc

* So does this exist? /usr/local/snort/include/snort/lua/snort_config.lua

-- Yes:

   dev@snortalpha:~$ ls -l /usr/local/snort/include/snort/lua/
   total 8
   -rw-r--r-- 1 root root 3041 Dec 12 12:21 snort_config.lua
   -rw-r--r-- 1 root root 1531 Dec 12 12:21 snort_plugin.lua

3. Difference in dump_stats() when running with --shell and dump_stats() after running quit():

* This is a known issue already on the todo list. Glad to see someone actually tried it. :)

-- Glad to know it's a known issue. Thanks.

   o")~ dump_stats()
   --------------------------------------------------
   Packet Statistics
   --------------------------------------------------
   daq
       pcaps: 1
   --------------------------------------------------
   Module Statistics
   --------------------------------------------------
   Summary Statistics
   --------------------------------------------------
   process
       local commands: 12
   o")~
   o")~ quit()
   == stopping
   o")~ -- [0] eth0
   --------------------------------------------------
   Packet Statistics
   --------------------------------------------------
   daq
       pcaps: 1
       received: 118
       analyzed: 118
       allow: 118
       idle: 2
   --------------------------------------------------
   codec
       total: 122 (100.000%)
       discards: 18 ( 14.754%)
       arp: 2 ( 1.639%)
       eth: 122 (100.000%)
       icmp4: 78 ( 63.934%)
       ipv4: 120 ( 98.361%)
       tcp: 36 ( 29.508%)
       udp: 6 ( 4.918%)
   --------------------------------------------------
   Module Statistics
   --------------------------------------------------
   back_orifice
       packets: 3
   --------------------------------------------------
   binder
       packets: 8
       inspects: 8
   --------------------------------------------------
   perf_monitor
       packets: 100
   --------------------------------------------------
   port_scan_global
       packets: 98
   --------------------------------------------------
   stream
       tcp flows: 4
       udp flows: 3
       icmp flows: 1
   --------------------------------------------------
   stream_icmp
       created: 1
       released: 1
   --------------------------------------------------
   stream_tcp
       sessions: 4
       timeouts: 2
       data trackers: 4
       trackers created: 4
       trackers released: 4
       segs queued: 5
       segs released: 5
       client cleanups: 4
   --------------------------------------------------
   stream_udp
       sessions: 3
       created: 3
       released: 3
   --------------------------------------------------
   tcp
       bad checksum (ip4): 15
   --------------------------------------------------
   udp
       bad checksum (ip4): 3
   --------------------------------------------------
   Summary Statistics
   --------------------------------------------------
   detection
       analyzed: 118
   --------------------------------------------------
   process
       local commands: 15
   --------------------------------------------------
   timing
       runtime: 00:02:49
       seconds: 169.467279
       packets: 118
       pkts/sec: 0
   o")~ Snort exiting

Thanks.
Yaser
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
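
Added example, not part of the original thread or of Snort: a shell check for item 2 that expands a LUA_PATH value the way Lua's require() does and reports which expanded paths are absent from the "no file" entries of the error. The LUA_PATH value and the error text are copied from the messages above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare LUA_PATH templates with the paths in a require() error.

# Print one candidate file per explicit template in a LUA_PATH-style string.
# Lua splits the string on ';' and replaces each '?' with the module name
# (dots in the name become '/'). Empty entries, which come from ';;' and stand
# for Lua's built-in default path, are skipped.
# Assumes the module name has no '|', '&' or '\' (sed replacement syntax).
lua_candidates() {
    lc_module=$(printf '%s' "$1" | tr . /)
    lc_rest="$2;"
    while [ -n "$lc_rest" ]; do
        lc_entry=${lc_rest%%;*}
        lc_rest=${lc_rest#*;}
        if [ -n "$lc_entry" ]; then
            printf '%s\n' "$lc_entry" | sed "s|?|$lc_module|g"
        fi
    done
}

# Read error text on stdin; print the path from every "no file '...'" entry.
searched_paths() {
    grep -o "no file '[^']*'" | sed "s/^no file '//; s/'\$//"
}

# Usage: unsearched MODULE LUA_PATH ERROR_TEXT
# Print each LUA_PATH candidate that the error text does not list as tried.
unsearched() {
    us_searched=$(printf '%s\n' "$3" | searched_paths)
    lua_candidates "$1" "$2" | while IFS= read -r us_candidate; do
        printf '%s\n' "$us_searched" | grep -qxF -- "$us_candidate" ||
            printf '%s\n' "$us_candidate"
    done
}

# Values copied from the messages above.
PAGE_LUA_PATH='/usr/local/snort/include/snort/lua/?.lua;;'
ERROR_TEXT="module 'snort_config' not found:
no field package.preload['snort_config']
no file './snort_config.lua'
no file '/usr/local/share/luajit-2.0.3/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config/init.lua'
no file './snort_config.so'
no file '/usr/local/lib/lua/5.1/snort_config.so'
no file '/usr/local/lib/lua/5.1/loadall.so'"

unsearched snort_config "$PAGE_LUA_PATH" "$ERROR_TEXT"
```

For the values in this thread it prints /usr/local/snort/include/snort/lua/snort_config.lua, meaning that path is not among those listed as tried in the quoted error.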