Snort mailing list archives

Re: snort3.1.30 launch the old snort but i run in local without be understand by the ubuntu setup


From: "Nihal Desai (nihdesai) via Snort-devel" <snort-devel () lists snort org>
Date: Tue, 24 May 2022 19:17:00 +0000

Not seeing a problem on my end. Make sure you are running snort from the latest source. Maybe rebuild and try again.

--
V/r
Nihal N. Desai

From: Snort-users <snort-users-bounces () lists snort org> on behalf of Dorian ROSSE via Snort-users <snort-users () lists snort org>
Date: Tuesday, May 24, 2022 at 2:48 PM
To: snort-users () lists snort org <snort-users () lists snort org>, snort-devel () lists snort org <snort-devel () lists snort org>
Subject: [Snort-users] snort3.1.30 launch the old snort but i run in local without be understand by the ubuntu setup

Hello,

I launch the latest snort locally, but the snort that is launched is snort 3.1.21:

'''~/snort_src/snort3-3.1.30.0$ sudo snort -c /usr/local/etc/snort/snort.lua --daq-dir ../libdaq-3.0.7 --daq pcap --daq dump --daq-var lb_total=4 --daq-var fanout_type=hash -s 65535 -k all -l /var/log/snort -i enp0s25 --daq-var lb_id=1 -i wlp3s0 --daq-var lb_id=2 -z 2 -m 0x1b
--------------------------------------------------
o")~   Snort++ 3.1.21.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
Loading inline.lua:
Finished inline.lua:
Loading talos.lua:
Finished talos.lua:
active
alerts
daq
decode
host_cache
host_tracker
network
process
output
appid
alert_json
ips
classifications
references
binder
wizard
detection
reputation
    Processing blocklist file /usr/local/etc/snort/../lists/default.blocklist
    Reputation entries loaded: 1216, invalid: 0, re-defined: 0 (from file /usr/local/etc/snort/../lists/default.blocklist)
file_policy
file_id
http2_inspect
http_inspect
ftp_data
ftp_client
ftp_server
port_scan
dce_smb
stream_icmp
stream_tcp
stream_udp
stream_user
stream_file
arp_spoof
back_orifice
dnp3
dns
snort
modbus
netflow
normalizer
pop
rpc_decode
sip
alert_talos
ssl
profiler
telnet
ssh
iec104
imap
stream_ip
stream
hosts
packets
search_engine
so_proxy
trace
dce_tcp
dce_udp
dce_http_proxy
dce_http_server
gtp_inspect
smtp
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
rule counts
       total rules loaded: 600
            builtin rules: 600
            option chains: 600
            chain headers: 1
--------------------------------------------------
port rule counts
             tcp     udp    icmp      ipt
     any     600       0       0       0
   total     600       0       0       0
--------------------------------------------------
ips policies rule stats
              id  loaded  shared enabled    file
               0     600       0     600    /usr/local/etc/snort/snort.lua
--------------------------------------------------
dump:pcap DAQ configured to inline.
Commencing packet processing
++ [0] enp0s25
++ [1] wlp3s0'''

The good news is that I succeeded in installing hyperscan with the latest boost.

Thank you in advance for helping me fully launch the latest snort.

Regards.


Dorian ROSSE.