Snort mailing list archives

appid errors after missing file of manual


From: Chihwah Li via Snort-users <snort-users () lists snort org>
Date: Tue, 14 May 2019 00:16:20 +0200


What I am trying to do: install AppID from:

https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/138/original/Snort_3.0.0-a4-245_on_Ubuntu_14_16_18.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20190513%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190513T174310Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=440a05570e25f4ca2e4183f853fa717646a9c125ca2b5b8a7569a247e19cba30

Does not work in your guide:
wget https://www.snort.org/downloads/openappid/7630 -O OpenAppId-7630.tar.gz


I improvised and changed it to:
wget https://www.snort.org/downloads/openappid/10229 -O snort-openappid.tar.gz


But after trying out with $ snort -c /usr/local/etc/snort/snort.lua --warn-all

I receive the errors:

o")~   Snort++ 3.0.0-255
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
    ssh
    host_cache
    pop
    binder
    stream_tcp
    network
    gtp_inspect
    packets
    dce_http_proxy
    stream_icmp
    normalizer
    ftp_server
    stream_udp
    search_engine
    ips
    dce_smb
    latency
    wizard
    appid
    file_id
    ftp_data
    hosts
    smtp
    port_scan
    dce_http_server
    modbus
    dce_tcp
    telnet
    host_tracker
    ssl
    sip
    rpc_decode
    http2_inspect
    http_inspect
    back_orifice
    stream_user
    stream_ip
    classifications
    dnp3
    active
    ftp_client
    daq
    decode
    alerts
    stream
    references
    arp_spoof
    output
    dns
    dce_udp
    imap
    process
    stream_file
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
rule counts
       total rules loaded: 476
            builtin rules: 476
            option chains: 476
            chain headers: 1
--------------------------------------------------
port rule counts
             tcp     udp    icmp      ip
     any     476       0       0       0
   total     476       0       0       0
WARNING: appid: no lua detectors found in directory '/usr/local/lib/custom/lua/*'
WARNING: appid: no entry in appMapping.data for 3588
WARNING: appid: no entry in appMapping.data for 3589
WARNING: appid: no entry in appMapping.data for 110
WARNING: appid: no entry in appMapping.data for 276
WARNING: appid: no entry in appMapping.data for 65
WARNING: appid: no entry in appMapping.data for 65
WARNING: appid: no entry in appMapping.data for 131
WARNING: appid: no entry in appMapping.data for 131
WARNING: appid: no entry in appMapping.data for 41
WARNING: appid: no entry in appMapping.data for 41
WARNING: appid: no entry in appMapping.data for 115
WARNING: appid: no entry in appMapping.data for 115
WARNING: appid: no entry in appMapping.data for 3834
WARNING: appid: no entry in appMapping.data for 3834
WARNING: appid: no entry in appMapping.data for 197
WARNING: appid: no entry in appMapping.data for 197
WARNING: appid: no entry in appMapping.data for 199
WARNING: appid: no entry in appMapping.data for 199
WARNING: appid: no entry in appMapping.data for 228
WARNING: appid: no entry in appMapping.data for 228
WARNING: appid: no entry in appMapping.data for 227
WARNING: appid: no entry in appMapping.data for 227
WARNING: appid: no entry in appMapping.data for 249
WARNING: appid: no entry in appMapping.data for 249
WARNING: appid: no entry in appMapping.data for 3197
WARNING: appid: no entry in appMapping.data for 3197
WARNING: appid: no entry in appMapping.data for 300
WARNING: appid: no entry in appMapping.data for 300
WARNING: appid: no entry in appMapping.data for 290
WARNING: appid: no entry in appMapping.data for 290
WARNING: appid: no entry in appMapping.data for 302
WARNING: appid: no entry in appMapping.data for 302
WARNING: appid: no entry in appMapping.data for 291
WARNING: appid: no entry in appMapping.data for 291
WARNING: appid: no entry in appMapping.data for 337
WARNING: appid: no entry in appMapping.data for 337
WARNING: appid: no entry in appMapping.data for 339
WARNING: appid: no entry in appMapping.data for 339
WARNING: appid: no entry in appMapping.data for 358
WARNING: appid: no entry in appMapping.data for 358
WARNING: appid: no entry in appMapping.data for 361
WARNING: appid: no entry in appMapping.data for 361
WARNING: appid: no entry in appMapping.data for 383
WARNING: appid: no entry in appMapping.data for 383
WARNING: appid: no entry in appMapping.data for 384
WARNING: appid: no entry in appMapping.data for 384
WARNING: appid: no entry in appMapping.data for 385
WARNING: appid: no entry in appMapping.data for 385
WARNING: appid: no entry in appMapping.data for 843
WARNING: appid: no entry in appMapping.data for 843
WARNING: appid: no entry in appMapping.data for 3938
WARNING: appid: no entry in appMapping.data for 388
WARNING: appid: no entry in appMapping.data for 388
WARNING: appid: no entry in appMapping.data for 419
WARNING: appid: no entry in appMapping.data for 419
WARNING: appid: no entry in appMapping.data for 418
WARNING: appid: no entry in appMapping.data for 418
WARNING: appid: no entry in appMapping.data for 439
WARNING: appid: no entry in appMapping.data for 439
WARNING: appid: no entry in appMapping.data for 434
WARNING: appid: no entry in appMapping.data for 434
WARNING: appid: no entry in appMapping.data for 437
WARNING: appid: no entry in appMapping.data for 437
WARNING: appid: no entry in appMapping.data for 3396
WARNING: appid: no entry in appMapping.data for 3396
WARNING: appid: no entry in appMapping.data for 513
WARNING: appid: no entry in appMapping.data for 513
WARNING: appid: no entry in appMapping.data for 2313
WARNING: appid: no entry in appMapping.data for 2313
WARNING: appid: no entry in appMapping.data for 90
WARNING: appid: no entry in appMapping.data for 90
--------------------------------------------------
pcap DAQ configured to passive.

Snort successfully validated the configuration (with 72 warnings).

----------------------- ---------------------------------------------------------------------------------------

Because of the file that I could not find, the installation outcome is different. No idea how to fix it.

What can I do? Thank you in advance.

Kindest regards,

Chihwah Li

