Snort mailing list archives

Re: [Snort3] No Logs created


From: "Russ Combs \(rucombs\) via Snort-devel" <snort-devel () lists snort org>
Date: Fri, 18 Sep 2020 15:06:36 +0000

Hi,

Your stats don't show any IP traffic, which is why they also don't show any search engine activity.  All of your ether traffic is counted as "other".

If you send a pcap we can take a look.  You can send direct to me if needed.

Thanks
Russ
________________________________
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Donald Hoskins via Snort-devel <snort-devel () 
lists snort org>
Sent: Friday, September 18, 2020 9:36 AM
To: snort-devel () lists snort org <snort-devel () lists snort org>
Subject: [Snort-devel] [Snort3] No Logs created

Hi All.

I've incorporated Snort++/Snort3 into OpenWrt (kernel 5.4), cross-compiled for mips64 (Octeon3 CN7020AAP1.2 SoC).

It starts and *appears* to run, but it never(!) drops a log file.

My standard invocation:

snort -v -c /etc/snort/snort.lua -i eth0:br-lan --daq-dir /usr/lib/daq --daq afpacket --daq-var debug --daq-var fanout_type=hash --daq-var fanout_flag=defrag -A alert_full --tweaks talos -Q -l /var/log -D

You can see the console output (rollover console connection): https://pastebin.com/cbttVv9S

If I remove everything not required to get Snort3 running, it seems to run (see below), but again, no logs are actually created:

root@OpenWrt:/etc# snort -v -c /etc/snort/snort.lua -i eth0:br-lan --daq-dir /usr/lib/daq -A alert_full -l /var/log

** caught int signal
== stopping
[ 2788.642249] device eth0 left promiscuous mode
-- [0] eth0:br-lan
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
                 received: 27239
                 analyzed: 26943
                  dropped: 279
              outstanding: 296
                    allow: 26943
                     idle: 1
                 rx_bytes: 5512129
--------------------------------------------------
codec
                    total: 26943        (100.000%)
                    other: 26943        (100.000%)
                      eth: 26943        (100.000%)
--------------------------------------------------
Module Statistics
--------------------------------------------------
detection
                 analyzed: 26943
--------------------------------------------------
latency
            total_packets: 26943
              total_usecs: 59918
                max_usecs: 578
--------------------------------------------------
Summary Statistics
--------------------------------------------------
process
                  signals: 1
--------------------------------------------------
timing
                  runtime: 00:11:24
                  seconds: 684.664040
                  packets: 27239
                 pkts/sec: 39


Any assistance would be greatly appreciated!  I checked the IRC channel, but it was suggested a wider knowledge base for Snort3 might be here.
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
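The check Russ makes by eye above (every frame counted under codec "other"/"eth", no ip4/ip6/tcp/udp counters, so the detection engine never had an IP packet to run rules on) can be done mechanically from the shutdown statistics. The script below is an added example by the editor, not code from this thread or from the Snort project: it parses the Packet Statistics text that Donald posted (embedded, trimmed) plus a constructed healthy run as a control, and applies two heuristics of the editor's own choosing. The counter names, the NO_IP_DECODED / DAQ_DROPS codes and the tcpdump suggestion in the finding text are the editor's assumptions, not Snort output.

```python
"""Parse Snort 3 shutdown statistics and flag runs where no IP traffic was
decoded. Added example (editor's code); heuristics are assumptions, not Snort's."""

# Stats text copied from Donald's post, trimmed to the sections used here.
SNORT_STATS = """\
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
                 received: 27239
                 analyzed: 26943
                  dropped: 279
              outstanding: 296
--------------------------------------------------
codec
                    total: 26943        (100.000%)
                    other: 26943        (100.000%)
                      eth: 26943        (100.000%)
--------------------------------------------------
timing
                  runtime: 00:11:24
                  seconds: 684.664040
                  packets: 27239
"""

# Constructed control run (not from the page): IP traffic was decoded.
HEALTHY_STATS = """\
daq
                 received: 1000
                 analyzed: 1000
                  dropped: 0
codec
                    total: 1000        (100.000%)
                      eth: 1000        (100.000%)
                      ip4: 990         ( 99.000%)
                      tcp: 900         ( 90.000%)
                      arp: 10          (  1.000%)
"""

# Codec counters that only appear once the decoder got past the link layer.
IP_LAYER = ("ip4", "ip6", "tcp", "udp", "icmp4", "icmp6")


def _number(tok):
    """int if possible, else float, else the raw token (e.g. runtime 00:11:24)."""
    for cast in (int, float):
        try:
            return cast(tok)
        except ValueError:
            pass
    return tok


def parse_stats(text):
    """Return {section: {counter: value}} from Snort's statistics dump.

    Section names ("daq", "codec", ...) start at column 0 with no colon;
    group titles ("Packet Statistics") contain a space and are skipped;
    counter lines are indented "name: value [(pct%)]"."""
    stats, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-"):
            continue
        if not raw[:1].isspace() and ":" not in line:
            if " " in line:
                continue
            section = line
            stats.setdefault(section, {})
            continue
        if section is None:
            continue
        name, _, rest = line.partition(":")   # first colon only: keeps 00:11:24 intact
        tokens = rest.split()
        stats[section][name.strip()] = _number(tokens[0]) if tokens else None
    return stats


def diagnose(stats):
    """Return [(code, message)] findings; empty list means nothing suspicious."""
    findings = []
    codec, daq = stats.get("codec", {}), stats.get("daq", {})
    decoded_ip = sum(codec.get(k, 0) for k in IP_LAYER)
    if codec and decoded_ip == 0 and codec.get("other") == codec.get("total"):
        findings.append(("NO_IP_DECODED",
            "codec counted all %s frames as eth/other and none as IP: the decoder never "
            "got past the link layer, so IP/TCP/UDP rules cannot fire. Editor's suggestion: "
            "check the EtherType on the wire (tcpdump -e -nn on the same interface)."
            % codec.get("total")))
    dropped, received = daq.get("dropped", 0), daq.get("received", 0)
    if dropped and received:
        findings.append(("DAQ_DROPS", "daq dropped %d of %d received (%.1f%%)"
                         % (dropped, received, 100.0 * dropped / received)))
    return findings


if __name__ == "__main__":
    for code, msg in diagnose(parse_stats(SNORT_STATS)):
        print(code, "-", msg)
```

Run it against a pasted statistics block to get the two findings for Donald's run; the control sample yields none, which is the quick way to tell "rules never matched" from "packets never reached the IP decoder".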
