Snort mailing list archives
Re: Snort 3 - unknown table data_log
From: "Steven Baigal \(sbaigal\) via Snort-devel" <snort-devel () lists snort org>
Date: Wed, 29 Apr 2020 22:13:57 +0000
data_log is part of snort3_extra, pull and compile the snort3_extra and provide the location of plugins via –plugin-path option. For example: snort –plugin-path /mysnort/lib/snort_extra –show-plugins Steven Baigal From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Y M via Snort-devel <snort-devel () lists snort org> Reply-To: Y M <snort () outlook com> Date: Wednesday, April 29, 2020 at 1:37 PM To: "snort-devel () lists snort org" <snort-devel () lists snort org> Subject: [Snort-devel] Snort 3 - unknown table data_log Hello, Hope everybody is safe, and congratulations on the Snort 3 beta release. Running Snort 3.0.1 build 2, the data_log inspector does not appear to be listed in Snort start output, and there are no logs generated. Snort extra is installed and I don't receive any errors, but running Snort with the --warn-all flag, generates the below warning: WARNING: /usr/local/snort/etc/snort/snort.lua: unknown table data_log Snort version: # /usr/local/snort/bin/snort -V ,,_ -*> Snort++ <*- o" )~ Version 3.0.1 (Build 2) '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using DAQ version 3.0.0 Using LuaJIT version 2.1.0-beta3 Using OpenSSL 1.1.1c FIPS 28 May 2019 Using libpcap version 1.9.0-PRE-GIT (with TPACKET_V3) Using PCRE version 8.42 2018-03-20 Using ZLIB version 1.2.11 Using FlatBuffers 1.12.0 Using Hyperscan version 5.2.1 2020-04-28 Using LZMA version 5.2.4 Snort Extra build steps: # export PKG_CONFIG_PATH=/usr/local/snort/lib64/pkgconfig:$PKG_CONFIG_PATH # ./configure_cmake.sh --prefix=/usr/local/snort/extra # cd build/ # make && make install data_log configuration: data_log = { key = 'http_request_header_event', limit = 100 } Did the way building/installing Snort extra change? Thank you. YM
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort 3 - unknown table data_log Y M via Snort-devel (Apr 29)
- <Possible follow-ups>
- Re: Snort 3 - unknown table data_log Steven Baigal (sbaigal) via Snort-devel (Apr 29)
- Re: Snort 3 - unknown table data_log Y M via Snort-devel (Apr 29)