Snort mailing list archives

Re: AppId quickstart


From: James <jlay () slave-tothe-box net>
Date: Fri, 24 Oct 2014 10:27:04 -0600

I sure will…thanks a bunch Joel.

James

On Oct 24, 2014, at 10:19, Joel Esler (jesler) <jesler () cisco com> wrote:

Thanks James.

We’ve posted several blog posts with instructions, videos, etc. on the Snort.org blog: 
http://blog.snort.org/search/label/openappid

Please check it out.

J

On Oct 24, 2014, at 8:40 AM, James <jlay () slave-tothe-box net> wrote:

So on Ubuntu 1[0-4]:

Download luajit at http://luajit.org/download/LuaJIT-2.0.3.tar.gz (apt package didn’t get recognized on snort reconfigure).
Uncompress, make, sudo make install
Download snort-openappid.tar.gz from https://www.snort.org/downloads
Uncompress and move the odp dir to somewhere (I chose /opt/share/)
Recompile snort with adding --enable-appid, make, sudo make install
Add the below to your snort.conf:

preprocessor appid : \
             app_detector_dir /opt/share

Test with sudo snort -T -c snort.conf

Should see:

AppId: adding appIds to list of referred web apps: 1963 1963 1964 1966 1969 1970 1972 1973 1975 1976 1977 1978 1979 
1980 1981 1983 1984 1985 1986 1987 629 882 711 1393 1727 1728 1821 1992 1993 1806 1822 2022 2021 2129 2131 1460 1369 
1392 2057 2062 1560 665 1458 929 761 2151 2157 2158 2159 2162 2019 2072 1508 1063 2261 2664 2690
Could not read configuration file /opt/share/custom/userappid.conf
LuaJIT: Version LuaJIT 2.0.3
 Setting tracker size to 219
 TCP Port-Only Services

Enjoy…subscribe to the snort-openappid list for more information and help.

James
------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
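
A check for the expected output listed in the message above, as an added example that is not part of the original post or of Snort itself: a shell function that reads `snort -T` output and reports whether the AppId startup lines appear. The function names and the shortened sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of Snort.

# Constructed sample of the startup lines quoted in the post (appId list shortened).
sample_output() {
    cat <<'EOF'
AppId: adding appIds to list of referred web apps: 1963 1963 1964 1966
Could not read configuration file /opt/share/custom/userappid.conf
LuaJIT: Version LuaJIT 2.0.3
 Setting tracker size to 219
 TCP Port-Only Services
EOF
}

# Read `snort -T` output on stdin and print a one-line summary.
# Returns 0 when both the AppId and LuaJIT lines are present, 1 otherwise.
check_appid() {
    out=$(cat)
    ver=$(printf '%s\n' "$out" |
        sed -n 's/^LuaJIT: Version LuaJIT \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    ids=$(printf '%s\n' "$out" |
        sed -n 's/^AppId: adding appIds to list of referred web apps: //p' |
        wc -w | tr -d ' ')
    # Config files the preprocessor reported it could not read, comma-separated.
    missing=$(printf '%s\n' "$out" |
        sed -n 's/^Could not read configuration file //p' | paste -sd, -)
    if [ -n "$ver" ] && [ "$ids" -gt 0 ]; then
        echo "appid=ok luajit=$ver appids=$ids missing=${missing:-none}"
        return 0
    fi
    echo "appid=not-loaded luajit=${ver:-none} appids=$ids"
    return 1
}

# Against a real build: sudo snort -T -c snort.conf 2>&1 | check_appid
sample_output | check_appid
```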


