Snort mailing list archives
Re: Minor notes snort-3.0.0-a1
From: Y M <snort () outlook com>
Date: Tue, 16 Dec 2014 03:28:21 +0000
From: rucombs () cisco com
To: snort () outlook com
CC: snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
Date: Mon, 15 Dec 2014 22:06:32 +0000
A fix for the 1st issue was pushed to github. Did you get the 2nd issue resolved?
-- Thanks Russ. Still no luck at getting around the 2nd issue. I still have a couple of things to try, will report back.
Thanks
Russ
From: Y M [snort () outlook com]
Sent: Saturday, December 13, 2014 9:02 AM
To: Russ Combs (rucombs)
Cc: snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
From: rucombs () cisco com
To: snort () outlook com
CC: snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
Date: Sat, 13 Dec 2014 12:54:22 +0000
From: Y M [snort () outlook com]
Sent: Saturday, December 13, 2014 7:33 AM
To: Russ Combs (rucombs)
Cc: snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
From: rucombs () cisco com
To: snort () outlook com
CC: snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
Date: Sat, 13 Dec 2014 12:27:52 +0000
From: Y M [snort () outlook com]
Sent: Saturday, December 13, 2014 7:22 AM
To: Russ Combs (rucombs)
Cc: snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
Inline please.
From: rucombs () cisco com
To: snort () outlook com; snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
Date: Sat, 13 Dec 2014 12:02:08 +0000
Thanks for the report. Comments below.
From: Y M [snort () outlook com]
Sent: Saturday, December 13, 2014 4:28 AM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] Minor notes snort-3.0.0-a1
1. Difference in performance profiling configuration option when building snort with cmake vs. autotools:
cmake accepts enable-perfprofiling but not enable-perf-profiling
autotools accepts enable-perf-profiling but not enable-perfprofiling
* We will get cmake updated to match autotools here.
-- Awesome, thanks.
2. When running snort, a fatal error may be generated:
FATAL: can't init /usr/local/snort/etc/snort.lua: /usr/local/snort/etc/snort.lua:22: module 'snort_config' not
found:
no field package.preload['snort_config']
no file './snort_config.lua'
no file '/usr/local/share/luajit-2.0.3/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config/init.lua'
no file './snort_config.so'
no file '/usr/local/lib/lua/5.1/snort_config.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
Fatal Error, Quitting..
snort_config.lua is not copied to /etc when installing snort. Manually copying snort_config.lua to /etc fixes the
issue.
* Did you export LUA_PATH to point to the directory where snort_config.lua is installed? LUA_PATH is for required
files, i.e. files loaded by LuaJIT automatically, whereas SNORT_LUA_PATH
is for Snort configuration include paths. The two are distinct and must be set correctly.
-- Yes:
dev@snortalpha:~$ echo $LUA_PATH
/usr/local/snort/include/snort/lua/?.lua;;
dev@snortalpha:~$ echo $SNORT_LUA_PATH
/usr/local/snort/etc
* So does this exist?
/usr/local/snort/include/snort/lua/snort_config.lua
-- Yes:
dev@snortalpha:~$ ls -l /usr/local/snort/include/snort/lua/
total 8
-rw-r--r-- 1 root root 3041 Dec 12 12:21 snort_config.lua
-rw-r--r-- 1 root root 1531 Dec 12 12:21 snort_plugin.lua
* There is something wrong with setting LUA_PATH in your environment. If I unset LUA_PATH, I get a FATAL error with a
similar list of search paths:
FATAL: can't init /Users/rucombs/install/auto/etc/snort/snort.lua: /Users/rucombs/install/auto/etc/snort/snort.lua:22:
module 'snort_config' not found:
no field package.preload['snort_config']
no file './snort_config.lua'
...
If I set LUA_PATH and delete snort_config.lua from that path, then I get a FATAL that includes the LUA_PATH at the top
of the search list (the first no file):
FATAL: can't init /Users/rucombs/install/auto/etc/snort/snort.lua: /Users/rucombs/install/auto/etc/snort/snort.lua:22:
module 'snort_config' not found:
no field package.preload['snort_config']
no file '/Users/rucombs/install/auto/include/snort/lua/snort_config.lua'
no file './snort_config.lua'
...
Since your output above doesn't show an attempt at your LUA_PATH, it seems as if it is just not set in your execution
environment.
-- Makes sense. I did unset/set LUA_PATH and SNORT_LUA_PATH and added to PATH as well and still no luck. I will have to
re-look at this.
dev@snortalpha:~$ printenv | grep LUA
SNORT_LUA_PATH=/usr/local/snort/etc
LUA_PATH=/usr/local/snort/include/lua/?.lua;;
dev@snortalpha:~$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/snort/include/lua/?.lua;;:/usr/local/snort/etc
dev@snortalpha:~$ echo $LUA_PATH
/usr/local/snort/include/lua/?.lua;;
dev@snortalpha:~$ echo $SNORT_LUA_PATH
/usr/local/snort/etc
3. Difference in dump_stats() when running with --shell and dump_stats() after running quit():
* This is a known issue already on the todo list. Glad to see someone actually tried it. :)
-- Glad to know it's a known issue. Thanks.
o")~
dump_stats()
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
pcaps: 1
--------------------------------------------------
Module Statistics
--------------------------------------------------
Summary Statistics
--------------------------------------------------
process
local commands: 12
o")~
o")~
quit()
== stopping
o")~
-- [0] eth0
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
pcaps: 1
received: 118
analyzed: 118
allow: 118
idle: 2
--------------------------------------------------
codec
total: 122 (100.000%)
discards: 18 ( 14.754%)
arp: 2 ( 1.639%)
eth: 122 (100.000%)
icmp4: 78 ( 63.934%)
ipv4: 120 ( 98.361%)
tcp: 36 ( 29.508%)
udp: 6 ( 4.918%)
--------------------------------------------------
Module Statistics
--------------------------------------------------
back_orifice
packets: 3
--------------------------------------------------
binder
packets: 8
inspects: 8
--------------------------------------------------
perf_monitor
packets: 100
--------------------------------------------------
port_scan_global
packets: 98
--------------------------------------------------
stream
tcp flows: 4
udp flows: 3
icmp flows: 1
--------------------------------------------------
stream_icmp
created: 1
released: 1
--------------------------------------------------
stream_tcp
sessions: 4
timeouts: 2
data trackers: 4
trackers created: 4
trackers released: 4
segs queued: 5
segs released: 5
client cleanups: 4
--------------------------------------------------
stream_udp
sessions: 3
created: 3
released: 3
--------------------------------------------------
tcp
bad checksum (ip4): 15
--------------------------------------------------
udp
bad checksum (ip4): 3
--------------------------------------------------
Summary Statistics
--------------------------------------------------
detection
analyzed: 118
--------------------------------------------------
process
local commands: 15
--------------------------------------------------
timing
runtime: 00:02:49
seconds: 169.467279
packets: 118
pkts/sec: 0
o")~ Snort exiting
Thanks.
Yaser
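
Added example, not part of the original thread and not Snort project code: a POSIX shell sketch of the check discussed under issue 2. It expands a LUA_PATH template list the way Lua's module search does and tests whether the expanded file appears among the "no file" lines of a FATAL message. The function names are hypothetical; the sample text is the search list quoted in the report above.

```shell
#!/bin/sh
# Expand each LUA_PATH-style template for a module, one candidate file per line.
# Usage: lua_candidates MODULE [TEMPLATES]   (TEMPLATES defaults to $LUA_PATH)
lua_candidates() {
    modpath=$(printf '%s' "$1" | tr . /)   # Lua maps dots in module names to '/'
    templates=${2-${LUA_PATH-}}
    old_ifs=$IFS; IFS=';'
    set -f                                  # '?' is also a shell glob: keep it literal
    for tpl in $templates; do
        # An empty entry comes from ';;', where Lua splices in its built-in path.
        if [ -n "$tpl" ]; then printf '%s\n' "$tpl" | sed "s|?|$modpath|g"; fi
    done
    set +f; IFS=$old_ifs
}

# Print the first candidate that exists as a file; fail if none does.
lua_resolve() {
    lua_candidates "$@" | while IFS= read -r f; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; break; fi
    done | grep .
}

# Did the loader try LUA_PATH at all? Reads the FATAL text on stdin and succeeds
# if any expanded template is listed among its "no file '...'" lines.
fatal_tried_lua_path() {
    tried=$(sed -n "s/^[[:space:]]*no file '\(.*\)'[[:space:]]*\$/\1/p")
    lua_candidates "$@" | grep -Fxq -e "$tried"
}

# Sample input: the search list from the FATAL message in the report above.
sample_fatal() {
    cat <<'EOF'
no field package.preload['snort_config']
no file './snort_config.lua'
no file '/usr/local/share/luajit-2.0.3/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config/init.lua'
no file './snort_config.so'
no file '/usr/local/lib/lua/5.1/snort_config.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
EOF
}

if sample_fatal | fatal_tried_lua_path snort_config '/usr/local/snort/include/snort/lua/?.lua;;'
then echo "LUA_PATH entry was searched: the file is missing at that path"
else echo "LUA_PATH entry never searched: not set in the process environment"
fi
```

To check a live failure, pipe the FATAL text into `fatal_tried_lua_path snort_config` from the same shell and user that starts Snort, so that the LUA_PATH being tested is the one the process inherits.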
