Snort mailing list archives

Re: Snort 3 - unknown table data_log


From: Y M via Snort-devel <snort-devel () lists snort org>
Date: Wed, 29 Apr 2020 22:27:50 +0000

Thank you, Steven. I completely forgot about passing the --plugin-path option. My bad.

YM

________________________________
From: Steven Baigal (sbaigal) <sbaigal () cisco com>
Sent: Thursday, April 30, 2020 1:14 AM
To: Y M; snort-devel () lists snort org
Subject: Re: [Snort-devel] Snort 3 - unknown table data_log

data_log is part of snort3_extra; pull and compile snort3_extra and provide the location of plugins via the 
--plugin-path option.
For example:
snort --plugin-path /mysnort/lib/snort_extra --show-plugins

Steven Baigal

From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Y M via Snort-devel <snort-devel () lists snort org>
Reply-To: Y M <snort () outlook com>
Date: Wednesday, April 29, 2020 at 1:37 PM
To: "snort-devel () lists snort org" <snort-devel () lists snort org>
Subject: [Snort-devel] Snort 3 - unknown table data_log

Hello,

Hope everybody is safe, and congratulations on the Snort 3 beta release.

Running Snort 3.0.1 build 2, the data_log inspector does not appear to be listed in the Snort start output, and there are 
no logs generated. Snort extra is installed and I don't receive any errors, but running Snort with the --warn-all flag 
generates the warning below:

WARNING: /usr/local/snort/etc/snort/snort.lua: unknown table data_log

Snort version:

# /usr/local/snort/bin/snort -V

   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.0.1 (Build 2)
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 3.0.0
           Using LuaJIT version 2.1.0-beta3
           Using OpenSSL 1.1.1c FIPS  28 May 2019
           Using libpcap version 1.9.0-PRE-GIT (with TPACKET_V3)
           Using PCRE version 8.42 2018-03-20
           Using ZLIB version 1.2.11
           Using FlatBuffers 1.12.0
           Using Hyperscan version 5.2.1 2020-04-28
           Using LZMA version 5.2.4

Snort Extra build steps:

# export PKG_CONFIG_PATH=/usr/local/snort/lib64/pkgconfig:$PKG_CONFIG_PATH
# ./configure_cmake.sh --prefix=/usr/local/snort/extra
# cd build/
# make && make install

data_log configuration:

data_log =
{
    key = 'http_request_header_event',
    limit = 100
}

Did the way of building/installing Snort extra change?

Thank you.
YM
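
The check discussed in this thread, as an added example that is not part of the original messages: a shell helper that validates a config with --warn-all and reports every table that has no loaded module, so a run without --plugin-path can be compared against a run with it. The function names and the SNORT variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect "unknown table" warnings,
# which is how a missing snort3_extra plugin such as data_log shows up.

# Snort binary to run; override SNORT to point at a specific build.
SNORT="${SNORT:-snort}"

# Read Snort output on stdin and print each table name that Snort
# reported as unknown, one per line, without duplicates.
unknown_tables() {
    sed -n 's/^WARNING: .*: unknown table \([A-Za-z0-9_]*\).*$/\1/p' | sort -u
}

# check_tables CONF [PLUGIN_DIR]
# Validate CONF (-T) with all warnings enabled, optionally loading the
# plugins found in PLUGIN_DIR. Returns 1 if any table has no module.
check_tables() {
    conf="$1"
    plugin_dir="${2:-}"
    if [ -n "$plugin_dir" ]; then
        out=$("$SNORT" -c "$conf" -T --warn-all --plugin-path "$plugin_dir" 2>&1) || true
    else
        out=$("$SNORT" -c "$conf" -T --warn-all 2>&1) || true
    fi
    missing=$(printf '%s\n' "$out" | unknown_tables)
    if [ -n "$missing" ]; then
        # Table names contain only [A-Za-z0-9_], so word splitting is safe here.
        printf 'no module loaded for table: %s\n' $missing >&2
        return 1
    fi
    return 0
}

# Usage, with the plugin directory from the reply above:
#   check_tables /usr/local/snort/etc/snort/snort.lua                    # reports data_log
#   check_tables /usr/local/snort/etc/snort/snort.lua /mysnort/lib/snort_extra
```

A non-zero return from the second call means the directory passed to --plugin-path does not contain the module for that table.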