Snort mailing list archives
Re: appid in Snort failure
From: Gabriel Corre <gabriel.corre () fr clara net>
Date: Mon, 31 Aug 2015 14:18:26 +0000
Okay, that was it thanks.
I'm getting close but still got this after launching "snort -c /usr/local/etc/snort/snort.conf -I eth0" :
Could not read configuration file /usr/local/etc/cisco/app/custom/userappid.conf
LuaJIT: Version LuaJIT 2.0.2
Setting tracker size to 211
AppInfo: AppId 3861 is UNKNOWN
AppInfo: AppId 3970 is UNKNOWN
AppInfo: AppId 939 is UNKNOWN
AppInfo: AppId 939 is UNKNOWN
AppInfo: AppId 1697 is UNKNOWN
AppInfo: AppId 3971 is UNKNOWN
AppInfo: AppId 3971 is UNKNOWN
And snort exits without any errors.
I don't have a directory "custom" I just have a "/usr/local/etc/cisco/app/odp" and I can't find userappid.conf either.
I checked "appMapping.data" file and these AppId are not defined but I don't think this is why Snort is exiting.
Cheers
--
Gabriel Corré
Élève Ingénieur Réseaux & Sécurité, Ops - Core Infrastructure
De : Al Lewis (allewi) [mailto:allewi () cisco com]
Envoyé : lundi 31 août 2015 15:23
À : Gabriel Corre <gabriel.corre () fr clara net>; snort-users () lists sourceforge net
Objet : RE: appid in Snort failure
Try doing a:
sudo apt-cache search lua
And the lua dev libraries should be there.
liblua5.1-0-dev - Development files for the Lua language version 5.1
liblua5.2-dev - Development files for the Lua language version 5.2
alewis@lil-debbie-7:~$ uname -a
Linux lil-debbie-7 3.2.0-4-486 #1 Debian 3.2.65-1+deb7u1 i686 GNU/Linux
Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com<mailto:allewi () cisco com>
From: Gabriel Corre [mailto:gabriel.corre () fr clara net]
Sent: Monday, August 31, 2015 9:08 AM
To: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: [Snort-users] appid in Snort failure
Hello,
I'm trying to include appid preprocessor in Snort so I installed LuaJIT-2.0.2 as recommended. Then I launched
"./configure -enable-sourcefire -enable-open-appid" but I get "ERROR! LuaJIT library not found."
I did some research but didn't find anything really interesting.
Maybe I need some lib like "libluajit-dev" or something like this but I didn't find any.
Any ideas ?
Cheers,
--
Gabriel Corré
Élève Ingénieur Réseaux & Sécurité, Ops - Core Infrastructure
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- appid in Snort failure Gabriel Corre (Aug 31)
- Re: appid in Snort failure Al Lewis (allewi) (Aug 31)
- Re: appid in Snort failure Gabriel Corre (Aug 31)
- Re: appid in Snort failure Y M (Aug 31)
- Re: appid in Snort failure Al Lewis (allewi) (Aug 31)