Snort mailing list archives
Snort3 with ELK
From: Waiting Zeng <waiting () edison tech>
Date: Mon, 23 Jul 2018 10:17:45 +0800
I followed the link https://blog.snort.org/2017/11/snort-30-with-elasticsearch-logstash.html for setup, but have some issues.

#1, error log:

--------------------------------------------------
o")~   Snort++ 3.0.0-243
--------------------------------------------------
Loading /usr/local/snort/etc/snort/snort.lua:
    ssh
    pop
    binder
    stream_tcp
    gtp_inspect
    dce_http_proxy
    stream_icmp
    normalizer
    ftp_server
    stream_udp
    dce_smb
    modbus
    ips
    ssl
    latency
    wizard
    appid
    file_id
    ftp_data
    back_orifice
    smtp
    port_scan
    dce_http_server
    dce_tcp
    telnet
    classifications
    sip
    rpc_decode
    http_inspect
    stream_ip
    stream_user
    dnp3
    ftp_client
    stream
    references
    arp_spoof
    dns
    dce_udp
    imap
    stream_file
Finished /usr/local/snort/etc/snort/snort.lua.
ERROR: unknown logger alert_json
Loading rules:
Loading snort3-community-rules/snort3-community.rules:
Finished snort3-community-rules/snort3-community.rules.
Finished rules.
--------------------------------------------------
rule counts
       total rules loaded: 829
               text rules: 829
            option chains: 829
            chain headers: 46
--------------------------------------------------
port rule counts
             tcp     udp    icmp      ip
     any      63       3       0       0
     src     124       3       0       0
     dst     539      98       0       0
    both       0       1       0       0
   total     726     105       0       0
--------------------------------------------------
flowbits
                  defined: 20
              not checked: 11
                  not set: 3
--------------------------------------------------
service rule counts - tcp
                    to-srv  to-cli
               dns:      1       0
               ftp:      7       2
          ftp-data:      0       8
              http:    485      92
              imap:      0       8
               irc:      4       1
       netbios-ssn:     15       1
              pop3:      0       8
              smtp:     16       0
               ssl:     14      31
            telnet:      1       0
             total:    543     151
--------------------------------------------------
service rule counts - udp
                    to-srv  to-cli
               dns:     88       2
              http:      4       0
             total:     92       2
--------------------------------------------------
fast pattern port groups
                      src     dst     any
            packet:    13      24       2
--------------------------------------------------
fast pattern service groups
                   to-srv  to-cli
            packet:    10       6
               key:     1       0
            header:     1       4
              body:     1       0
              file:     2       4
--------------------------------------------------
search engine
                instances: 65
                 patterns: 2719
            pattern chars: 49786
               num states: 38972
         num match states: 2649
             memory scale: MB
             total memory: 1.04895
           pattern memory: 0.151139
        match list memory: 0.384735
        transition memory: 0.505138
--------------------------------------------------
pcap DAQ configured to passive.
FATAL: see prior 1 errors (0 warnings)
Fatal Error, Quitting..

#2, how to test if Snort3 has run fine?

--
Thanks,
Waiting
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
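For the second question, the usual self-check is `snort -c <snort.lua> -T --warn-all` (configuration test mode, which exits non-zero when the config does not load) together with `snort --list-plugins` to confirm that a logger such as alert_json is actually compiled in or reachable via `--plugin-path`. As an added example, not code from the post or from the Snort project, here is a small Python helper that parses a captured startup log like the one above and reports the problems that block startup; the sample log is constructed from the post's output.

```python
"""Summarise a captured Snort 3 startup log (e.g. from `snort -c snort.lua -T --warn-all 2>&1`)."""
import re
import sys

# Constructed sample, condensed from the output in the post above (not a real capture).
SAMPLE_LOG = """\
Loading /usr/local/snort/etc/snort/snort.lua:
Finished /usr/local/snort/etc/snort/snort.lua.
ERROR: unknown logger alert_json
Loading rules:
Finished rules.
total rules loaded: 829
pcap DAQ configured to passive.
FATAL: see prior 1 errors (0 warnings)
Fatal Error, Quitting..
"""

PROBLEM_RE = re.compile(r"^(ERROR|FATAL|WARNING):\s*(.*)$", re.M)   # lines Snort flags itself
UNKNOWN_RE = re.compile(r"^ERROR: unknown (\w+) (\w+)", re.M)      # e.g. "unknown logger alert_json"
RULES_RE = re.compile(r"^\s*total rules loaded:\s+(\d+)", re.M)


def analyze_startup_log(text):
    """Return {"ok", "problems", "missing_plugins", "rules_loaded"} for one startup log."""
    problems = [f"{level}: {msg}" for level, msg in PROBLEM_RE.findall(text)]
    missing = [(kind, name) for kind, name in UNKNOWN_RE.findall(text)]  # (plugin type, name)
    match = RULES_RE.search(text)
    rules = int(match.group(1)) if match else 0
    blocking = any(p.startswith(("ERROR:", "FATAL:")) for p in problems)
    return {"ok": not blocking, "problems": problems,
            "missing_plugins": missing, "rules_loaded": rules}


def hints(summary):
    """One follow-up check per plugin Snort could not resolve (hypothetical wording, not Snort's)."""
    return [f"{kind} '{name}' is not available to this snort binary: run "
            f"'snort --list-plugins | grep {name}'; if it is missing, build/install the plugin "
            f"and pass its directory with --plugin-path"
            for kind, name in summary["missing_plugins"]]


if __name__ == "__main__":
    log = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = analyze_startup_log(log)
    print("config OK" if result["ok"] else "config FAILED", f"({result['rules_loaded']} rules loaded)")
    for line in result["problems"] + hints(result):
        print(" -", line)
    sys.exit(0 if result["ok"] else 1)
```

Run it as `python3 check_snort_log.py snort-test.log`; with no argument it analyses the embedded sample and exits 1 because of the unresolved alert_json logger.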
Current thread:
- Snort3 with ELK Waiting Zeng (Jul 23)
- Re: Snort3 with ELK Y M via Snort-users (Jul 24)
- Re: Snort3 with ELK Russ via Snort-users (Jul 24)
- Re: Snort3 with ELK Waiting Zeng (Jul 24)