Snort mailing list archives
Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq
From: sofardware via Snort-users <snort-users () lists snort org>
Date: Thu, 10 Oct 2019 10:56:52 +0800 (CST)
No. Also cannot exit by Ctrl+C, with the NFQ DAQ without reload.

At 2019-10-10 10:37:54, "Russ Combs (rucombs)" <rucombs () cisco com> wrote:

Does Ctrl+C exit normally with the NFQ DAQ without reload?

From: sofardware <sofardware () 126 com>
Date: Wednesday, October 9, 2019 at 10:13 PM
To: "Tom Peters (thopeter)" <thopeter () cisco com>
Cc: "Shravan Rangarajuvenkata (shrarang)" <shrarang () cisco com>, "Snort-users () lists snort org" <Snort-users () lists snort org>, "Russ Combs (rucombs)" <rucombs () cisco com>
Subject: Help please!!! snort_build261 can not reload config successfully with daq in nfq

Hi,
I am anxious to resolve this problem. Please give me some help. Thank you very much.
I have read the README file in snort3 and DAQ, and did not find useful info for this problem.

-----------------------

Hi, I need help for this:
snort_build261 cannot reload config successfully with daq in nfq, and also cannot be exited by pressing the keys “Ctrl+C”. But it works well with a daq that is not nfq.

[root@localhost build]# /usr/local/snort261/bin/snort --daq-dir /usr/local/lib/daq/ --daq nfq -i 1 -c /usr/local/snort261/etc/snort/snort.lua --shell -j
--------------------------------------------------
o")~ Snort++ 3.0.0-261
--------------------------------------------------
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
    ssh host_cache pop binder stream_tcp network gtp_inspect packets dce_http_proxy stream_icmp normalizer ftp_server stream_udp search_engine ips dce_smb latency wizard appid file_id ftp_data hosts smtp port_scan dce_http_server modbus dce_tcp telnet host_tracker ssl sip rpc_decode http2_inspect http_inspect back_orifice stream_user stream_ip classifications dnp3 active ftp_client daq decode alerts stream references arp_spoof output dns dce_udp imap process stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
--------------------------------------------------
/usr/local/lib/daq//daq_afpacket.so: Module API version (0x10007) differs from expected version (0x30001)
/usr/local/lib/daq//daq_afpacket.so: Failed to register DAQ module.
/usr/local/lib/daq//daq_ipfw.so: Module API version (0x10007) differs from expected version (0x30001)
/usr/local/lib/daq//daq_ipfw.so: Failed to register DAQ module.
nfq DAQ configured to passive.
Commencing packet processing
Entering command shell
o")~ ++ [0] 1
reload_config('/usr/local/snort261/etc/snort/snort.lua')
.. reloading configuration
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
    ssh host_cache pop binder stream_tcp network gtp_inspect packets dce_http_proxy stream_icmp normalizer ftp_server stream_udp search_engine ips dce_smb latency wizard appid file_id ftp_data hosts smtp port_scan dce_http_server modbus dce_tcp telnet host_tracker ssl sip rpc_decode http2_inspect http_inspect back_orifice stream_user stream_ip classifications dnp3 active ftp_client daq decode alerts stream references arp_spoof output dns dce_udp imap process stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
0 hosts loaded
reload_config('/usr/local/snort261/etc/snort/snort.lua')
== reload pending; retry
^C** caught int signal
== stopping
^C** caught int signal
== stopping
^C** caught int signal
== stopping
^C** caught int signal
== stopping

==============================================================================no nfq================

[root@localhost build]# /usr/local/snort261/bin/snort --daq-dir /usr/local/lib/daq/ -i eth0 -c /usr/local/snort261/etc/snort/snort.lua --shell -j
--------------------------------------------------
o")~ Snort++ 3.0.0-261
--------------------------------------------------
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
    ssh host_cache pop binder stream_tcp network gtp_inspect packets dce_http_proxy stream_icmp normalizer ftp_server stream_udp search_engine ips dce_smb latency wizard appid file_id ftp_data hosts smtp port_scan dce_http_server modbus dce_tcp telnet host_tracker ssl sip rpc_decode http2_inspect http_inspect back_orifice stream_user stream_ip classifications dnp3 active ftp_client daq decode alerts stream references arp_spoof output dns dce_udp imap process stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
--------------------------------------------------
/usr/local/lib/daq//daq_afpacket.so: Module API version (0x10007) differs from expected version (0x30001)
/usr/local/lib/daq//daq_afpacket.so: Failed to register DAQ module.
/usr/local/lib/daq//daq_ipfw.so: Module API version (0x10007) differs from expected version (0x30001)
/usr/local/lib/daq//daq_ipfw.so: Failed to register DAQ module.
pcap DAQ configured to passive.
Commencing packet processing
Entering command shell
o")~ ++ [0] eth0
reload_config('/usr/local/snort261/etc/snort/snort.lua')
.. reloading configuration
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
    ssh host_cache pop binder stream_tcp network gtp_inspect packets dce_http_proxy stream_icmp normalizer ftp_server stream_udp search_engine ips dce_smb latency wizard appid file_id ftp_data hosts smtp port_scan dce_http_server modbus dce_tcp telnet host_tracker ssl sip rpc_decode http2_inspect http_inspect back_orifice stream_user stream_ip classifications dnp3 active ftp_client daq decode alerts stream references arp_spoof output dns dce_udp imap process stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
0 hosts loaded
.. swapping configuration
== reload complete
o")~