Snort mailing list archives

Re: Minor notes snort-3.0.0-a1


From: Y M <snort () outlook com>
Date: Sat, 13 Dec 2014 12:22:18 +0000


Inline please.
From: rucombs () cisco com
To: snort () outlook com; snort-devel () lists sourceforge net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
Date: Sat, 13 Dec 2014 12:02:08 +0000

Thanks for the report.  Comments below.

From: Y M [snort () outlook com]
Sent: Saturday, December 13, 2014 4:28 AM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] Minor notes snort-3.0.0-a1

1. Difference in performance profiling configuration option when building snort with cmake vs. autotools:

    cmake accepts enable-perfprofiling but not enable-perf-profiling
    autotools accepts enable-perf-profiling but not enable-perfprofiling

* We will get cmake updated to match autotools here.
-- Awesome, thanks.

2. When running snort, a fatal error may be generated:

     FATAL: can't init /usr/local/snort/etc/snort.lua: /usr/local/snort/etc/snort.lua:22: module 'snort_config' not found:
     no field package.preload['snort_config']
     no file './snort_config.lua'
     no file '/usr/local/share/luajit-2.0.3/snort_config.lua'
     no file '/usr/local/share/lua/5.1/snort_config.lua'
     no file '/usr/local/share/lua/5.1/snort_config/init.lua'
     no file './snort_config.so'
     no file '/usr/local/lib/lua/5.1/snort_config.so'
     no file '/usr/local/lib/lua/5.1/loadall.so'
     Fatal Error, Quitting..

    snort_config.lua is not copied to /etc when installing snort. Manually copying snort_config.lua to /etc fixes the issue.

* Did you export LUA_PATH to point to the directory where snort_config.lua is installed?  LUA_PATH is for required files, i.e. files loaded by LuaJIT automatically, whereas SNORT_LUA_PATH is for Snort configuration include paths.  The two are distinct and must be set correctly.
-- Yes:

    dev@snortalpha:~$ echo $LUA_PATH
    /usr/local/snort/include/snort/lua/?.lua;;
    dev@snortalpha:~$ echo $SNORT_LUA_PATH
    /usr/local/snort/etc

3. Difference in dump_stats() when running with --shell and dump_stats() after running quit():

* This is a known issue already on the todo list.  Glad to see someone actually tried it.  :)
-- Glad to know it's a known issue. Thanks.

o")~ dump_stats()
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
                    pcaps: 1
--------------------------------------------------
Module Statistics
--------------------------------------------------
Summary Statistics
--------------------------------------------------
process
           local commands: 12
o")~

o")~ quit()
== stopping
o")~
-- [0] eth0
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
                    pcaps: 1
                 received: 118
                 analyzed: 118
                    allow: 118
                     idle: 2
--------------------------------------------------
codec
                    total: 122        (100.000%)
                 discards: 18         ( 14.754%)
                      arp: 2          (  1.639%)
                      eth: 122        (100.000%)
                    icmp4: 78         ( 63.934%)
                     ipv4: 120        ( 98.361%)
                      tcp: 36         ( 29.508%)
                      udp: 6          (  4.918%)
--------------------------------------------------
Module Statistics
--------------------------------------------------
back_orifice
                  packets: 3
--------------------------------------------------
binder
                  packets: 8
                 inspects: 8
--------------------------------------------------
perf_monitor
                  packets: 100
--------------------------------------------------
port_scan_global
                  packets: 98
--------------------------------------------------
stream
                tcp flows: 4
                udp flows: 3
               icmp flows: 1
--------------------------------------------------
stream_icmp
                  created: 1
                 released: 1
--------------------------------------------------
stream_tcp
                 sessions: 4
                 timeouts: 2
            data trackers: 4
         trackers created: 4
        trackers released: 4
              segs queued: 5
            segs released: 5
          client cleanups: 4
--------------------------------------------------
stream_udp
                 sessions: 3
                  created: 3
                 released: 3
--------------------------------------------------
tcp
       bad checksum (ip4): 15
--------------------------------------------------
udp
       bad checksum (ip4): 3
--------------------------------------------------
Summary Statistics
--------------------------------------------------
detection
                 analyzed: 118
--------------------------------------------------
process
           local commands: 15
--------------------------------------------------
timing
                  runtime: 00:02:49
                  seconds: 169.467279
                  packets: 118
                 pkts/sec: 0
o")~   Snort exiting

Thanks.

Yaser
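A check for item 2 of the thread, added here as an example; it is not part of the thread or of Snort. Lua 5.1 and LuaJIT build package.path from LUA_PATH by substituting the default path for every ";;", then expand "?" with the module name in each template and, when require() fails, print one "no file" line per file tried. The script emulates that lookup and cross-checks the quoted error against a LUA_PATH value: if a template from LUA_PATH is missing from the "no file" list, the variable never reached the snort process (set but not exported, or dropped by sudo's default env_reset). The default path is reconstructed from the error message, the throwaway directory stands in for the install location, and the module name "nothere" is a made-up example; all three are assumptions.

```python
import os
import re
import tempfile
from typing import List, Optional, Tuple

# Default package.path of a LuaJIT 2.0.3 built with prefix /usr/local, reconstructed
# from the "no file" lines in the quoted error (assumption: same layout as that build).
LUAJIT_DEFAULT_PATH = (
    "./?.lua;"
    "/usr/local/share/luajit-2.0.3/?.lua;"
    "/usr/local/share/lua/5.1/?.lua;"
    "/usr/local/share/lua/5.1/?/init.lua"
)

# The require() failure quoted in the thread, embedded as sample input.
REPORTED_ERROR = """\
module 'snort_config' not found:
no field package.preload['snort_config']
no file './snort_config.lua'
no file '/usr/local/share/luajit-2.0.3/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config/init.lua'
no file './snort_config.so'
no file '/usr/local/lib/lua/5.1/snort_config.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
"""


def build_package_path(lua_path: Optional[str], default: str = LUAJIT_DEFAULT_PATH) -> str:
    """Lua 5.1 / LuaJIT rule: package.path is LUA_PATH with every ';;' replaced by
    ';<default path>;'; an unset LUA_PATH yields the default path alone."""
    if lua_path is None:
        return default
    return lua_path.replace(";;", ";" + default + ";")


def templates(package_path: str) -> List[str]:
    """Split on ';' and drop empty templates, as loadlib.c's pushnexttemplate does."""
    return [t for t in package_path.split(";") if t]


def find_module(name: str, package_path: str) -> Tuple[Optional[str], List[str]]:
    """Emulate the Lua-file searcher of require(): substitute the module name (dots
    become directory separators) for '?' in each template and return the first file
    that exists plus every candidate tried before it. On failure the 'tried' list is
    exactly what Lua prints as "no file '...'"."""
    fname = name.replace(".", os.sep)
    tried: List[str] = []
    for tmpl in templates(package_path):
        candidate = tmpl.replace("?", fname)
        if os.path.isfile(candidate):
            return candidate, tried
        tried.append(candidate)
    return None, tried


def files_tried(error_text: str) -> List[str]:
    return re.findall(r"no file '([^']+)'", error_text)


def lua_path_reached_process(error_text: str, lua_path: str, name: str) -> bool:
    """Cross-check a require() error against the LUA_PATH you believe the process had:
    if any template from LUA_PATH is absent from the files Lua reports trying, the
    variable never reached that process (typical causes: set but not exported, or
    stripped by sudo's default env_reset)."""
    fname = name.replace(".", os.sep)
    expected = [t.replace("?", fname) for t in templates(lua_path)]
    seen = files_tried(error_text)
    return all(c in seen for c in expected)


def demo() -> Tuple[bool, bool, Optional[str], List[str]]:
    """Run the checks offline. A temporary directory holding snort_config.lua stands in
    for the install location (hypothetical); 'nothere' is a module that does not exist."""
    reported = lua_path_reached_process(
        REPORTED_ERROR, "/usr/local/snort/include/snort/lua/?.lua;;", "snort_config")
    default_only = lua_path_reached_process(REPORTED_ERROR, "./?.lua", "snort_config")
    with tempfile.TemporaryDirectory() as inc:
        with open(os.path.join(inc, "snort_config.lua"), "w") as f:
            f.write("return {}\n")
        path = build_package_path(inc + "/?.lua;;")
        found, _ = find_module("snort_config", path)
        found_rel = os.path.relpath(found, inc) if found else None
        _, missing_tried = find_module("nothere", path)
    return reported, default_only, found_rel, missing_tried


if __name__ == "__main__":
    print(demo())
```

The first value returned by demo() is False: the quoted error lists only LuaJIT's default templates, so the LUA_PATH template expanded to /usr/local/snort/include/snort/lua/snort_config.lua was never tried by that process, whatever the interactive shell prints for `echo $LUA_PATH`.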


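Item 3 of the thread is about which modules the --shell dump_stats() output omits compared with the dump printed at quit(). A parser for the dump_stats() text format plus a diff of two parsed dumps makes that concrete, and is the same piece you would want when feeding these counters to monitoring. This is an added example, not Snort code. Both inputs are constructed from the output shown on this page (the exit dump abridged); the format, a dashed separator, a group heading ending in "Statistics", a module name, then right-aligned "counter: value" lines with an optional percentage, is as printed above.

```python
import re
from typing import Dict, List, Tuple

Stats = Dict[str, Dict[str, object]]

# "counter: value", optionally followed by a percentage such as "( 14.754%)".
COUNTER = re.compile(r"^(?P<key>[^:]+?):\s*(?P<val>\S+)(?:\s*\(\s*[\d.]+%\s*\))?$")

# Sample inputs constructed from the thread: the --shell dump_stats() output and an
# abridged copy of the dump printed after quit().
SHELL_DUMP = """\
o")~ dump_stats()
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
                    pcaps: 1
--------------------------------------------------
Module Statistics
--------------------------------------------------
Summary Statistics
--------------------------------------------------
process
           local commands: 12
"""

EXIT_DUMP = """\
o")~ quit()
== stopping
-- [0] eth0
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
                    pcaps: 1
                 received: 118
                 analyzed: 118
                    allow: 118
                     idle: 2
--------------------------------------------------
codec
                    total: 122        (100.000%)
                 discards: 18         ( 14.754%)
--------------------------------------------------
Summary Statistics
--------------------------------------------------
process
           local commands: 15
--------------------------------------------------
timing
                  runtime: 00:02:49
                  seconds: 169.467279
o")~   Snort exiting
"""


def _number(token: str):
    """int, then float, else the raw string (the hh:mm:ss runtime)."""
    for conv in (int, float):
        try:
            return conv(token)
        except ValueError:
            pass
    return token


def parse_dump_stats(text: str) -> Stats:
    """Return {module: {counter: value}}. Separators, the '== stopping' and
    '-- [0] eth0' banners, the shell prompt and the Packet/Module/Summary group
    headings are skipped; percentages are dropped (recomputable from codec.total)."""
    stats: Stats = {}
    module = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("--", "==", 'o")~')) or line.endswith("Statistics"):
            continue
        m = COUNTER.match(line)
        if m is None:                      # a bare word starts a new module block
            module = line
            stats.setdefault(module, {})
        elif module is None:
            raise ValueError(f"counter before any module name: {line!r}")
        else:
            stats[module][m.group("key").strip()] = _number(m.group("val"))
    return stats


def diff_stats(before: Stats, after: Stats) -> Tuple[List[str], Dict[str, Tuple[object, object]]]:
    """Modules present only in `after`, plus every counter that is new or changed
    in a module both dumps contain."""
    missing = sorted(set(after) - set(before))
    changed: Dict[str, Tuple[object, object]] = {}
    for mod in sorted(set(before) & set(after)):
        for key, val in after[mod].items():
            if before[mod].get(key) != val:
                changed[f"{mod}.{key}"] = (before[mod].get(key), val)
    return missing, changed


def compare_dumps(shell_text: str = SHELL_DUMP, exit_text: str = EXIT_DUMP):
    return diff_stats(parse_dump_stats(shell_text), parse_dump_stats(exit_text))


if __name__ == "__main__":
    missing, changed = compare_dumps()
    print("modules only in the exit dump:", missing)
    for name, (old, new) in changed.items():
        print(f"{name}: {old} -> {new}")
```

Run against the two dumps, compare_dumps() reports codec and timing as present only at exit, and the daq counters and process.local commands as changed; replaying it on the full exit dump from this page lists every module the shell-time dump leaves out.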


_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel