Snort mailing list archives
Re: snort 2.3.21 new error after install the rules for the next last snort (2.3.30)
From: "Nihal Desai \(nihdesai\) via Snort-devel" <snort-devel () lists snort org>
Date: Tue, 24 May 2022 19:01:27 +0000
Looks like you are running snort from 3.1.21.0 src dir. Make sure you are running snort from the latest one you built.
“'''~/snort_src/snort3-3.1.21.0$ sudo snort”
--
V/r
Nihal N. Desai
From: Snort-users <snort-users-bounces () lists snort org> on behalf of Dorian ROSSE via Snort-users <snort-users ()
lists snort org>
Date: Tuesday, May 24, 2022 at 2:53 PM
To: snort-users () lists snort org <snort-users () lists snort org>, snort-devel () lists snort org <snort-devel ()
lists snort org>
Subject: [Snort-users] snort 2.3.21 new error after install the rules for the next last snort (2.3.30)
hello,
i fall on this error since i have install the rules for the next last snort 2.3.30 :
'''~/snort_src/snort3-3.1.21.0$ sudo snort -c /usr/local/etc/snort/snort.lua --daq-dir ../libdaq-3.0.7 --daq pcap --daq
dump --daq-var lb_total=4 --daq-var fanout_type=hash -s 65535 -k all -l /var/log/snort -i enp0s25 --daq-var lb_id=1 -i
wlp3s0 --daq-var lb_id=2 -z 2 -m 0x1b
--------------------------------------------------
o")~ Snort++ 3.1.21.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
Loading inline.lua:
Finished inline.lua:
Loading talos.lua:
Finished talos.lua:
trace
output
alert_json
ips
dnp3
binder
wizard
detection
reputation
Processing blocklist file /usr/local/etc/snort/../lists/default.blocklist
Reputation entries loaded: 801, invalid: 0, re-defined: 0 (from file
/usr/local/etc/snort/../lists/default.blocklist)
appid
file_policy
file_id
http2_inspect
dce_tcp
active
dns
references
classifications
arp_spoof
snort
ERROR: /usr/local/etc/snort/snort.lua: snort.--daq-var is invalid
stream_user
stream_tcp
stream_icmp
stream_ip
profiler
alert_talos
stream
stream_udp
stream_file
back_orifice
imap
iec104
modbus
netflow
normalizer
pop
rpc_decode
sip
ssh
ssl
telnet
dce_smb
dce_udp
dce_http_proxy
dce_http_server
gtp_inspect
port_scan
smtp
ftp_server
ftp_client
ftp_data
http_inspect
alerts
daq
decode
host_cache
host_tracker
hosts
network
packets
process
search_engine
so_proxy
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
rule counts
total rules loaded: 600
builtin rules: 600
option chains: 600
chain headers: 1
--------------------------------------------------
port rule counts
tcp udp icmp ip
any 600 0 0 0
total 600 0 0 0
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 600 0 600 /usr/local/etc/snort/snort.lua
--------------------------------------------------
dump:pcap DAQ configured to inline.
FATAL: see prior 1 errors (0 warnings)
Fatal Error, Quitting..
'''
i don't understand the error,
thanks you in advance to help myself fully repair this snort or since the other e-mail for snort 2.3.30,
Regards.
Dorian ROSSE.
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: snort 2.3.21 new error after install the rules for the next last snort (2.3.30) Nihal Desai (nihdesai) via Snort-devel (May 24)