Snort mailing list archives
After hearing the advice from Oleksandr to edit and remove the rules in the snort.lua file, I load only 600 rules and Snort exits without launching any scan; what should I do???
From: Dorian ROSSE via Snort-sigs <snort-sigs () lists snort org>
Date: Fri, 8 Apr 2022 17:39:47 +0000
Hello,

I am mad because I have listened to Oleksandr to remove the rules in the snort.lua file; finally I run only 600 rules without launching any scan:

'sudo /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -s 65535 -k all -l /var/log/snort -i enp0s25 -m 0x1b
--------------------------------------------------
o")~ Snort++ 3.1.21.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
Loading inline.lua:
Finished inline.lua:
Loading talos.lua:
Finished talos.lua:
    dns imap iec104 modbus netflow normalizer pop rpc_decode sip ssl telnet dce_smb dce_tcp dce_udp dce_http_proxy dce_http_server gtp_inspect port_scan smtp ftp_server output ftp_client ftp_data http2_inspect file_id trace appid alert_talos profiler binder alert_json classifications references wizard detection reputation
Processing blocklist file /usr/local/etc/snort/../lists/default.blocklist
Reputation entries loaded: 1216, invalid: 0, re-defined: 0 (from file /usr/local/etc/snort/../lists/default.blocklist)
    file_policy http_inspect ssh stream snort host_cache process ips active alerts daq decode packets search_engine so_proxy network hosts host_tracker stream_ip stream_icmp stream_tcp stream_udp stream_user stream_file arp_spoof back_orifice dnp3
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
rule counts
    total rules loaded: 600
    builtin rules: 600
    option chains: 600
    chain headers: 1
--------------------------------------------------
port rule counts
             tcp     udp    icmp      ip
     any     600       0       0       0
   total     600       0       0       0
--------------------------------------------------
ips policies rule stats
    id  loaded  shared enabled    file
     0     600       0     600    /usr/local/etc/snort/snort.lua
--------------------------------------------------
dump:pcap DAQ configured to inline.
Commencing packet processing
Couldn't construct a DAQ instance: pcap_daq_instantiate: Couldn't open file 'enp0s25' for reading: No such file or directory (-2)
--------------------------------------------------
Packet Statistics
--------------------------------------------------
Module Statistics
--------------------------------------------------
Summary Statistics
--------------------------------------------------
timing
    runtime: 00:00:00
    seconds: 0.002349
o")~ Snort exiting'

And when should I find the file from my network card?

Thank you in advance for all your good advice,

Regards.

Dorian ROSSE.
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!