Snort mailing list archives
appid errors after missing file of manual
From: Chihwah Li via Snort-users <snort-users () lists snort org>
Date: Tue, 14 May 2019 00:16:20 +0200
What I am trying to do, install AppID from: https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/138/original/Snort_3.0.0-a4-245_on_Ubuntu_14_16_18.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20190513%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190513T174310Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=440a05570e25f4ca2e4183f853fa717646a9c125ca2b5b8a7569a247e19cba30 Does not work in your guide: wget https://www.snort.org/downloads/openappid/7630 -O OpenAppId-7630.tar.gz I improvised and changed to :wget https://www.snort.org/downloads/openappid/10229 -O snort-openappid.tar.gz
But after trying out with $ snort -c /usr/local/etc/snort/snort.lua --warn-all
I receive the errors: o")~ Snort++ 3.0.0-255 -------------------------------------------------- Loading /usr/local/etc/snort/snort.lua: Loading snort_defaults.lua: Finished snort_defaults.lua: Loading file_magic.lua: Finished file_magic.lua: ssh host_cache pop binder stream_tcp network gtp_inspect packets dce_http_proxy stream_icmp normalizer ftp_server stream_udp search_engine ips dce_smb latency wizard appid file_id ftp_data hosts smtp port_scan dce_http_server modbus dce_tcp telnet host_tracker ssl sip rpc_decode http2_inspect http_inspect back_orifice stream_user stream_ip classifications dnp3 active ftp_client daq decode alerts stream references arp_spoof output dns dce_udp imap process stream_file Finished /usr/local/etc/snort/snort.lua: -------------------------------------------------- rule counts total rules loaded: 476 builtin rules: 476 option chains: 476 chain headers: 1 -------------------------------------------------- port rule counts tcp udp icmp ip any 476 0 0 0 total 476 0 0 0WARNING: appid: no lua detectors found in directory '/usr/local/lib/custom/lua/*'
WARNING: appid: no entry in appMapping.data for 3588 WARNING: appid: no entry in appMapping.data for 3589 WARNING: appid: no entry in appMapping.data for 110 WARNING: appid: no entry in appMapping.data for 276 WARNING: appid: no entry in appMapping.data for 65 WARNING: appid: no entry in appMapping.data for 65 WARNING: appid: no entry in appMapping.data for 131 WARNING: appid: no entry in appMapping.data for 131 WARNING: appid: no entry in appMapping.data for 41 WARNING: appid: no entry in appMapping.data for 41 WARNING: appid: no entry in appMapping.data for 115 WARNING: appid: no entry in appMapping.data for 115 WARNING: appid: no entry in appMapping.data for 3834 WARNING: appid: no entry in appMapping.data for 3834 WARNING: appid: no entry in appMapping.data for 197 WARNING: appid: no entry in appMapping.data for 197 WARNING: appid: no entry in appMapping.data for 199 WARNING: appid: no entry in appMapping.data for 199 WARNING: appid: no entry in appMapping.data for 228 WARNING: appid: no entry in appMapping.data for 228 WARNING: appid: no entry in appMapping.data for 227 WARNING: appid: no entry in appMapping.data for 227 WARNING: appid: no entry in appMapping.data for 249 WARNING: appid: no entry in appMapping.data for 249 WARNING: appid: no entry in appMapping.data for 3197 WARNING: appid: no entry in appMapping.data for 3197 WARNING: appid: no entry in appMapping.data for 300 WARNING: appid: no entry in appMapping.data for 300 WARNING: appid: no entry in appMapping.data for 290 WARNING: appid: no entry in appMapping.data for 290 WARNING: appid: no entry in appMapping.data for 302 WARNING: appid: no entry in appMapping.data for 302 WARNING: appid: no entry in appMapping.data for 291 WARNING: appid: no entry in appMapping.data for 291 WARNING: appid: no entry in appMapping.data for 337 WARNING: appid: no entry in appMapping.data for 337 WARNING: appid: no entry in appMapping.data for 339 WARNING: appid: no entry in appMapping.data for 339 WARNING: appid: no entry in appMapping.data for 358 WARNING: appid: no entry in appMapping.data for 358 WARNING: appid: no entry in appMapping.data for 361 WARNING: appid: no entry in appMapping.data for 361 WARNING: appid: no entry in appMapping.data for 383 WARNING: appid: no entry in appMapping.data for 383 WARNING: appid: no entry in appMapping.data for 384 WARNING: appid: no entry in appMapping.data for 384 WARNING: appid: no entry in appMapping.data for 385 WARNING: appid: no entry in appMapping.data for 385 WARNING: appid: no entry in appMapping.data for 843 WARNING: appid: no entry in appMapping.data for 843 WARNING: appid: no entry in appMapping.data for 3938 WARNING: appid: no entry in appMapping.data for 388 WARNING: appid: no entry in appMapping.data for 388 WARNING: appid: no entry in appMapping.data for 419 WARNING: appid: no entry in appMapping.data for 419 WARNING: appid: no entry in appMapping.data for 418 WARNING: appid: no entry in appMapping.data for 418 WARNING: appid: no entry in appMapping.data for 439 WARNING: appid: no entry in appMapping.data for 439 WARNING: appid: no entry in appMapping.data for 434 WARNING: appid: no entry in appMapping.data for 434 WARNING: appid: no entry in appMapping.data for 437 WARNING: appid: no entry in appMapping.data for 437 WARNING: appid: no entry in appMapping.data for 3396 WARNING: appid: no entry in appMapping.data for 3396 WARNING: appid: no entry in appMapping.data for 513 WARNING: appid: no entry in appMapping.data for 513 WARNING: appid: no entry in appMapping.data for 2313 WARNING: appid: no entry in appMapping.data for 2313 WARNING: appid: no entry in appMapping.data for 90 WARNING: appid: no entry in appMapping.data for 90 -------------------------------------------------- pcap DAQ configured to passive. Snort successfully validated the configuration (with 72 warnings).----------------------- ---------------------------------------------------------------------------------------
Because of file that I could not find the installation outcome is different. No idea how to fix.
what can I do? Thank you in advance. Kindest regards, Chihwah Li
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- appid errors after missing file of manual Chihwah Li via Snort-users (May 14)
- Re: appid errors after missing file of manual Dorian ROSSE via Snort-users (May 15)
- Re: appid errors after missing file of manual Dorian ROSSE via Snort-users (May 15)
- Re: appid errors after missing file of manual Shravan Rangarajuvenkata (shrarang) via Snort-users (May 15)
- Re: appid errors after missing file of manual samarth--- via Snort-users (May 16)