Re: [Snort-openappid] AppId quickstart

[James <jlay () slave-tothe-box net>]

Good catch…this is indeed --enable-open-appid…sorry about that.

James

On Oct 24, 2014, at 10:22, Costas Kleopa (ckleopa) <ckleopa () cisco com> wrote:

> Can you confirm if you run:
> ./configure --enable-open-appid
>
> Below you mentioned: --enable-appid,
>
>
> Thanks
> Costas
>
>
> On 10/24/14, 12:19 PM, "Joel Esler (jesler)" <jesler () cisco com> wrote:
>
> > Thanks James.
> >
> > We¹ve posted several blog posts with instructions, videos, etc on the
> > Snort.org blog: http://blog.snort.org/search/label/openappid
> >
> > Please check it out.
> >
> > J
> >
> > > On Oct 24, 2014, at 8:40 AM, James <jlay () slave-tothe-box net> wrote:
> > >
> > > So on Ubuntu 1[0-4]:
> > >
> > > Download luajit at http://luajit.org/download/LuaJIT-2.0.3.tar.gz (apt
> > > package didn¹t get recognized on snort reconfigure).
> > > Uncompress, make, sudo make install
> > > Download snort-openappid.tar.gz from https://www.snort.org/downloads
> > > Uncompress and move the odp dir to somewhere (I chose /opt/share/)
> > > Recompile snort with adding --enable-appid, make, sudo make install
> > > Add the below to your snort.conf:
> > >
> > > preprocessor appid : \
> > >             app_detector_dir /opt/share
> > >
> > > Test with sudo snort -T -c snort.conf
> > >
> > > Should see:
> > >
> > > AppId: adding appIds to list of referred web apps: 1963 1963 1964 1966
> > > 1969 1970 1972 1973 1975 1976 1977 1978 1979 1980 1981 1983 1984 1985
> > > 1986 1987 629 882 711 1393 1727 1728 1821 1992 1993 1806 1822 2022 2021
> > > 2129 2131 1460 1369 1392 2057 2062 1560 665 1458 929 761 2151 2157 2158
> > > 2159 2162 2019 2072 1508 1063 2261 2664 2690
> > > Could not read configuration file /opt/share/custom/userappid.conf
> > > LuaJIT: Version LuaJIT 2.0.3
> > >  Setting tracker size to 219
> > >  TCP Port-Only Services
> > >
> > > EnjoyŠsubscribe to the snort-openappid list for more information and
> > > help.
> > >
> > > James
> > >
> > > -------------------------------------------------------------------------
> > > -----
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest
> > > Snort news!


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!