Snort mailing list archives
Re: after heard the advice from oleksandr to edit for remove the rules on the snort.lua file i load only 600 rules and snort exiting without launch any scan what i should do ???
From: "J. Hellenthal via Snort-devel" <snort-devel () lists snort org>
Date: Mon, 11 Apr 2022 16:09:21 -0500
Only thing you should be mad at here is the fact that you've been working on this one single thing for 6+ months and yet you still cannot fathom how to properly do anything with this.

-- 
J. Hellenthal
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

On Apr 11, 2022, at 14:29, Dorian ROSSE via Snort-devel <snort-devel () lists snort org> wrote:

> Hello,
>
> I am mad because I listened to Oleksandr and removed the rules in the snort.lua file; finally I run only 600 rules without launching any scan:
>
> 'sudo /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -s 65535 -k all -l /var/log/snort -i enp0s25 -m 0x1b
> --------------------------------------------------
> o")~   Snort++ 3.1.21.0
> --------------------------------------------------
> Loading /usr/local/etc/snort/snort.lua:
> Loading snort_defaults.lua:
> Finished snort_defaults.lua:
> Loading file_magic.lua:
> Finished file_magic.lua:
> Loading inline.lua:
> Finished inline.lua:
> Loading talos.lua:
> Finished talos.lua:
>     dns
>     imap
>     iec104
>     modbus
>     netflow
>     normalizer
>     pop
>     rpc_decode
>     sip
>     ssl
>     telnet
>     dce_smb
>     dce_tcp
>     dce_udp
>     dce_http_proxy
>     dce_http_server
>     gtp_inspect
>     port_scan
>     smtp
>     ftp_server
>     output
>     ftp_client
>     ftp_data
>     http2_inspect
>     file_id
>     trace
>     appid
>     alert_talos
>     profiler
>     binder
>     alert_json
>     classifications
>     references
>     wizard
>     detection
>     reputation
> Processing blocklist file /usr/local/etc/snort/../lists/default.blocklist
>     Reputation entries loaded: 1216, invalid: 0, re-defined: 0 (from file /usr/local/etc/snort/../lists/default.blocklist)
>     file_policy
>     http_inspect
>     ssh
>     stream
>     snort
>     host_cache
>     process
>     ips
>     active
>     alerts
>     daq
>     decode
>     packets
>     search_engine
>     so_proxy
>     network
>     hosts
>     host_tracker
>     stream_ip
>     stream_icmp
>     stream_tcp
>     stream_udp
>     stream_user
>     stream_file
>     arp_spoof
>     back_orifice
>     dnp3
> Finished /usr/local/etc/snort/snort.lua:
> --------------------------------------------------
> rule counts
>     total rules loaded: 600
>     builtin rules: 600
>     option chains: 600
>     chain headers: 1
> --------------------------------------------------
> port rule counts
>              tcp     udp    icmp      ip
>      any     600       0       0       0
>    total     600       0       0       0
> --------------------------------------------------
> ips policies rule stats
>     id  loaded  shared enabled    file
>      0     600       0     600    /usr/local/etc/snort/snort.lua
> --------------------------------------------------
> dump:pcap DAQ configured to inline.
> Commencing packet processing
> Couldn't construct a DAQ instance: pcap_daq_instantiate: Couldn't open file 'enp0s25' for reading: No such file or directory (-2)
> --------------------------------------------------
> Packet Statistics
> --------------------------------------------------
> Module Statistics
> --------------------------------------------------
> Summary Statistics
> --------------------------------------------------
> timing
>     runtime: 00:00:00
>     seconds: 0.002349
> o")~   Snort exiting'
>
> And when should I find the file from my network card?
>
> Thank you in advance for all your good advice,
>
> Regards.
>
> Dorian ROSSE.
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists snort org
> https://lists.snort.org/mailman/listinfo/snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!