Snort mailing list archives
Re: after heard the advice from oleksandr to edit for remove the rules on the snort.lua file i load only 600 rules and snort exiting without launch any scan what i should do ???
From: "J. Hellenthal via Snort-devel" <snort-devel () lists snort org>
Date: Mon, 11 Apr 2022 16:09:21 -0500
Only thing you should be mad at here is the fact that you've been working on this one single thing for 6+ months and yet you still cannot fathom how to properly do anything with this.
--
J. Hellenthal
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
On Apr 11, 2022, at 14:29, Dorian ROSSE via Snort-devel <snort-devel () lists snort org> wrote:
Hello,
I am mad because I have listened to Oleksandr to remove the rules in the snort.lua file; finally I run only 600 rules
without launching any scan:
'sudo /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -s 65535 -k all -l /var/log/snort -i enp0s25 -m 0x1b
--------------------------------------------------
o")~ Snort++ 3.1.21.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
Loading inline.lua:
Finished inline.lua:
Loading talos.lua:
Finished talos.lua:
dns
imap
iec104
modbus
netflow
normalizer
pop
rpc_decode
sip
ssl
telnet
dce_smb
dce_tcp
dce_udp
dce_http_proxy
dce_http_server
gtp_inspect
port_scan
smtp
ftp_server
output
ftp_client
ftp_data
http2_inspect
file_id
trace
appid
alert_talos
profiler
binder
alert_json
classifications
references
wizard
detection
reputation
Processing blocklist file /usr/local/etc/snort/../lists/default.blocklist
Reputation entries loaded: 1216, invalid: 0, re-defined: 0 (from file
/usr/local/etc/snort/../lists/default.blocklist)
file_policy
http_inspect
ssh
stream
snort
host_cache
process
ips
active
alerts
daq
decode
packets
search_engine
so_proxy
network
hosts
host_tracker
stream_ip
stream_icmp
stream_tcp
stream_udp
stream_user
stream_file
arp_spoof
back_orifice
dnp3
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
rule counts
total rules loaded: 600
builtin rules: 600
option chains: 600
chain headers: 1
--------------------------------------------------
port rule counts
tcp udp icmp ip
any 600 0 0 0
total 600 0 0 0
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 600 0 600 /usr/local/etc/snort/snort.lua
--------------------------------------------------
dump:pcap DAQ configured to inline.
Commencing packet processing
Couldn't construct a DAQ instance: pcap_daq_instantiate: Couldn't open file 'enp0s25' for reading: No such file or
directory (-2)
--------------------------------------------------
Packet Statistics
--------------------------------------------------
Module Statistics
--------------------------------------------------
Summary Statistics
--------------------------------------------------
timing
runtime: 00:00:00
seconds: 0.002349
o")~ Snort exiting'
And when should I find the file from my network card?
Thank you in advance for all your good advice,
Regards.
Dorian ROSSE.
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- after heard the advice from oleksandr to edit for remove the rules on the snort.lua file i load only 600 rules and snort exiting without launch any scan what i should do ??? Dorian ROSSE via Snort-sigs (Apr 08)
- Re: after heard the advice from oleksandr to edit for remove the rules on the snort.lua file i load only 600 rules and snort exiting without launch any scan what i should do ??? J. Hellenthal via Snort-devel (Apr 11)
