Snort mailing list archives
after heard the advice from oleksandr to edit for remove the rules on the snort.lua file i load only 600 rules and snort exiting without launch any scan what i should do ???
From: Dorian ROSSE via Snort-sigs <snort-sigs () lists snort org>
Date: Fri, 8 Apr 2022 17:39:47 +0000
Hello,
I am mad because I listened to Oleksandr and removed the rules in the snort.lua file; finally I run only 600 rules
without launching any scan:
'sudo /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -s 65535 -k all -l /var/log/snort -i enp0s25 -m 0x1b
--------------------------------------------------
o")~ Snort++ 3.1.21.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
Loading inline.lua:
Finished inline.lua:
Loading talos.lua:
Finished talos.lua:
dns
imap
iec104
modbus
netflow
normalizer
pop
rpc_decode
sip
ssl
telnet
dce_smb
dce_tcp
dce_udp
dce_http_proxy
dce_http_server
gtp_inspect
port_scan
smtp
ftp_server
output
ftp_client
ftp_data
http2_inspect
file_id
trace
appid
alert_talos
profiler
binder
alert_json
classifications
references
wizard
detection
reputation
Processing blocklist file /usr/local/etc/snort/../lists/default.blocklist
Reputation entries loaded: 1216, invalid: 0, re-defined: 0 (from file
/usr/local/etc/snort/../lists/default.blocklist)
file_policy
http_inspect
ssh
stream
snort
host_cache
process
ips
active
alerts
daq
decode
packets
search_engine
so_proxy
network
hosts
host_tracker
stream_ip
stream_icmp
stream_tcp
stream_udp
stream_user
stream_file
arp_spoof
back_orifice
dnp3
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
rule counts
total rules loaded: 600
builtin rules: 600
option chains: 600
chain headers: 1
--------------------------------------------------
port rule counts
tcp udp icmp ip
any 600 0 0 0
total 600 0 0 0
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 600 0 600 /usr/local/etc/snort/snort.lua
--------------------------------------------------
dump:pcap DAQ configured to inline.
Commencing packet processing
Couldn't construct a DAQ instance: pcap_daq_instantiate: Couldn't open file 'enp0s25' for reading: No such file or
directory (-2)
--------------------------------------------------
Packet Statistics
--------------------------------------------------
Module Statistics
--------------------------------------------------
Summary Statistics
--------------------------------------------------
timing
runtime: 00:00:00
seconds: 0.002349
o")~ Snort exiting'
And when should I find the file from my network card?
Thank you in advance for all your good advice,
Regards.
Dorian ROSSE.
