Snort mailing list archives
Re: snort3.1.30 launch the old snort but i run in local without be understand by the ubuntu setup
From: Dorian ROSSE via Snort-devel <snort-devel () lists snort org>
Date: Sun, 29 May 2022 19:40:29 +0000
hello,
'sudo ./snort' doesn't work,
here are the source files of this snort:
3.1.30.0.tar.gz hyperscan-5.4.0-build max_detect.lua safeclib
balanced.lua hyperscan_5.4.0.orig.tar.gz openmpi-4.1.2.tar.gz security.lua
boost_1_57_0.tar.gz inline.lua openssl-1.1.1f sid-msg.map
boost_1_77_0.tar.gz libdaq-3.0.6.tar.gz openssl_1.1.1f.orig.tar.gz snort3-3.1.21.0
boost_1_79_0 libdaq-3.0.7 ossp-uuid_1.6.2-1.5build7.debian.tar.xz
snort3-3.1.21.0.tar.gz
boost_1_79_0_rc1.tar.gz libdnet pcre2 snort3-3.1.30.0
CMake libiconv-1.16.tar.gz pcre-8.45
snort_command_line.txt
connectivity.lua libiconv-1.17 pcre-8.45.tar.gz snort_defaults.lua
debian libiconv-1.17.tar.gz pulledpork-master snort.lua
file_magic.lua libpcap-1.10.1 pulledpork-master.tar.gz snort.lua.sauv
flatbuffers-2.0.0 libpcap-1.10.1.tar.gz Python-2.7.18 talos.lua
flatbuffers-build libpcap_1.9.1-3.debian.tar.xz Python-2.7.18.tar.xz uuid
flatbuffers-v2.0.0.tar.gz libsafec-02092020.0-g6d921f Python-3.10.4 v3.0.7.tar.gz
gperftools libsafec-02092020.tar.gz Python-3.10.4.tar.xz v5.4.0.tar.gz
gperftools-2.9.1 luajit ragel-6.10
gperftools-2.9.1.tar.gz LuaJIT-2.0.5 ragel-6.10.tar.gz
hyperscan-5.4.0 LuaJIT-2.0.5.tar.gz ragel-6.10.tar.gz.1
what should I do?
thank you in advance for your help,
Regards.
Dorian ROSSE.
________________________________
From: Dorian ROSSE
Sent: Monday, May 23, 2022 14:28
To: Snort-users () lists snort org <snort-users () lists snort org>; snort-devel () lists snort org <snort-devel () lists snort org>
Subject: snort3.1.30 launch the old snort but i run in local without be understand by the ubuntu setup
hello,
I launch the last snort in local but the snort launched is snort 3.1.21:
'''~/snort_src/snort3-3.1.30.0$ sudo snort -c /usr/local/etc/snort/snort.lua --daq-dir ../libdaq-3.0.7 --daq pcap --daq dump --daq-var lb_total=4 --daq-var fanout_type=hash -s 65535 -k all -l /var/log/snort -i enp0s25 --daq-var lb_id=1 -i wlp3s0 --daq-var lb_id=2 -z 2 -m 0x1b
--------------------------------------------------
o")~ Snort++ 3.1.21.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
Loading inline.lua:
Finished inline.lua:
Loading talos.lua:
Finished talos.lua:
active
alerts
daq
decode
host_cache
host_tracker
network
process
output
appid
alert_json
ips
classifications
references
binder
wizard
detection
reputation
Processing blocklist file /usr/local/etc/snort/../lists/default.blocklist
Reputation entries loaded: 1216, invalid: 0, re-defined: 0 (from file /usr/local/etc/snort/../lists/default.blocklist)
file_policy
file_id
http2_inspect
http_inspect
ftp_data
ftp_client
ftp_server
port_scan
dce_smb
stream_icmp
stream_tcp
stream_udp
stream_user
stream_file
arp_spoof
back_orifice
dnp3
dns
snort
modbus
netflow
normalizer
pop
rpc_decode
sip
alert_talos
ssl
profiler
telnet
ssh
iec104
imap
stream_ip
stream
hosts
packets
search_engine
so_proxy
trace
dce_tcp
dce_udp
dce_http_proxy
dce_http_server
gtp_inspect
smtp
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
rule counts
total rules loaded: 600
builtin rules: 600
option chains: 600
chain headers: 1
--------------------------------------------------
port rule counts
tcp udp icmp ipt
any 600 0 0 0
total 600 0 0 0
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 600 0 600 /usr/local/etc/snort/snort.lua
--------------------------------------------------
dump:pcap DAQ configured to inline.
Commencing packet processing
++ [0] enp0s25
++ [1] wlp3s0'''
the good news is I succeeded in installing hyperscan with the last boost,
thank you in advance for helping me fully launch the last snort,
regards.
Dorian ROSSE.
