Startup:

    snort_path=/usr/local
    params="-c $snort_path/etc/snort/snort.lua --script-path $snort_path/lib/snort_extra --plugin-path $snort_path/lib/snort_extra -D -l /var/log/snort -i enp2s0 -u snort -g snort -A alert_json --warn-all"
    snort $params

Output:

    --------------------------------------------------
    o")~   Snort++ 3.0.0-245
    --------------------------------------------------
    Loading ../snort.lua:
        alert_syslog
        ssh
        pop
        binder
        stream_tcp
        gtp_inspect
        dce_http_proxy
        stream_icmp
        normalizer
        ftp_server
        stream_udp
        dce_smb
        alert_json
        modbus
        suppress
        ips
        ssl
        latency
        wizard
        reputation
    Processing blacklist file /usr/local/etc/snort/rules/iplists/default.blacklist
    Reputation entries loaded: 1575, invalid: 0, re-defined: 0 (from file /usr/local/etc/snort/rules/iplists/default.blacklist)
        file_id
        ftp_data
        back_orifice
        smtp
        port_scan
        dce_http_server
        dce_tcp
        telnet
        classifications
        sip
        rpc_decode
        http_inspect
        stream_ip
        stream_user
        dnp3
        ftp_client
        stream
        references
        arp_spoof
        dns
        dce_udp
        imap
        stream_file
    Finished ../snort.lua.
    Loading builtin:
    Finished builtin.
    Loading /usr/local/etc/snort/rules/snort3-community.rules:
    Finished /usr/local/etc/snort/rules/snort3-community.rules.
    --------------------------------------------------
    rule counts
               total rules loaded: 3959
                       text rules: 3488
                    builtin rules: 471
                    option chains: 3959
                    chain headers: 293
    --------------------------------------------------
    port rule counts
                 tcp     udp    icmp      ip
         any     934      63     147      22
         src     308      25       0       0
         dst    2293     245       0       0
        both       6       9       0       0
       total    3541     342     147      22
    --------------------------------------------------
    flowbits
                          defined: 32
                      not checked: 7
                          not set: 10
    --------------------------------------------------
    service rule counts - tcp     to-srv  to-cli
                       dcerpc:         1       0
                          dns:        16       0
                          ftp:        87       4
                     ftp-data:         1      53
                         http:      1694     195
                         imap:        35      53
                          irc:         4       1
                     kerberos:         1       0
                        mysql:         3       0
                   netbios-ns:         1       0
                  netbios-ssn:        58      14
                         nntp:         2       0
                         pop3:        23      53
                          rdp:         1       0
                          sip:         2       2
                         smtp:        69       2
                         snmp:         5       3
                          ssl:        18      36
                       sunrpc:        33       0
                       telnet:        12       6
                         wins:         1       0
                        total:      2067     422
    --------------------------------------------------
    service rule counts - udp     to-srv  to-cli
                       dcerpc:         3       3
                          dns:       107       7
                         http:         4       0
                     kerberos:         1       0
                  netbios-dgm:         1       1
                   netbios-ns:         3       3
                          sip:         3       3
                         snmp:        13       4
                       sunrpc:        35       4
                         tftp:         1       0
                        total:       171      25
    --------------------------------------------------
    fast pattern port groups        src     dst     any
                       packet:        71     158       4
                         file:         0       1       0
    --------------------------------------------------
    fast pattern service groups  to-srv  to-cli
                       packet:        29      18
                          key:         4       0
                       header:         3       5
                         body:         1       0
                         file:         2       4
    --------------------------------------------------
    search engine
    --------------------------------------------------
    pcap DAQ configured to passive.
    Snort successfully validated the configuration (with 0 warnings).
    o")~  Snort exiting
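The startup banner above carries everything a sensor health check needs: the version, the rule counters, the flowbits hygiene counters, the DAQ mode, and the "validated ... (with N warnings)" line that `--warn-all` makes meaningful. Below is an added example (not code from the post or from the Snort project) that parses that banner and turns it into findings, the kind of check one would run from a deployment pipeline before trusting a sensor. The `SAMPLE_LOG` is a constructed, trimmed log in the layout Snort 3 prints; the column layout, the `check_startup` thresholds and the field names are assumptions for this example, not a Snort API.

```python
import re

# Constructed sample in the layout Snort 3 prints at startup (trimmed; not a
# verbatim capture from the post above). Counters mirror the post's values.
SAMPLE_LOG = """\
--------------------------------------------------
o")~  Snort++ 3.0.0-245
--------------------------------------------------
Loading ../snort.lua:
Finished ../snort.lua.
--------------------------------------------------
rule counts
           total rules loaded: 3959
                   text rules: 3488
                builtin rules: 471
--------------------------------------------------
flowbits
                      defined: 32
                  not checked: 7
                      not set: 10
--------------------------------------------------
pcap DAQ configured to passive.
Snort successfully validated the configuration (with 0 warnings).
o")~  Snort exiting
"""

# One regex per counter; each captures a single group.
_PATTERNS = {
    "version": re.compile(r"Snort\+\+ (\S+)"),
    "total_rules": re.compile(r"total rules loaded:\s+(\d+)"),
    "text_rules": re.compile(r"text rules:\s+(\d+)"),
    "builtin_rules": re.compile(r"builtin rules:\s+(\d+)"),
    "flowbits_defined": re.compile(r"^\s*defined:\s+(\d+)", re.M),
    "flowbits_not_checked": re.compile(r"not checked:\s+(\d+)"),
    "flowbits_not_set": re.compile(r"not set:\s+(\d+)"),
    "warnings": re.compile(r"validated the configuration \(with (\d+) warnings?\)"),
}


def parse_snort_startup(text):
    """Extract the counters a startup health check cares about.

    Missing fields are returned as None rather than raising, so a truncated
    or failed startup still yields a summary that check_startup can judge.
    """
    summary = {}
    for key, pat in _PATTERNS.items():
        m = pat.search(text)
        if m is None:
            summary[key] = None
        elif key == "version":
            summary[key] = m.group(1)
        else:
            summary[key] = int(m.group(1))
    m = re.search(r"(\S+) DAQ configured to (\w+)", text)
    summary["daq"] = m.group(1) if m else None
    summary["daq_mode"] = m.group(2) if m else None
    summary["validated"] = "successfully validated the configuration" in text
    summary["exited"] = "Snort exiting" in text  # reported, not judged
    return summary


def check_startup(summary, min_rules=1):
    """Return a list of findings; an empty list means the startup looks healthy.

    Flowbits that are set but never checked (or checked but never set) are
    reported because they usually mean a rule set was loaded only partially.
    """
    findings = []
    if not summary["validated"]:
        findings.append("configuration did not validate")
    if summary["warnings"]:
        findings.append(f"{summary['warnings']} warning(s) during validation")
    if summary["total_rules"] is None or summary["total_rules"] < min_rules:
        findings.append("fewer rules loaded than expected")
    if summary["flowbits_not_checked"]:
        findings.append(f"{summary['flowbits_not_checked']} flowbit(s) set but never checked")
    if summary["flowbits_not_set"]:
        findings.append(f"{summary['flowbits_not_set']} flowbit(s) checked but never set")
    return findings


if __name__ == "__main__":
    s = parse_snort_startup(SAMPLE_LOG)
    print(f"Snort {s['version']}, {s['total_rules']} rules, DAQ {s['daq']}/{s['daq_mode']}")
    for finding in check_startup(s):
        print("finding:", finding)
```

Run it against a captured startup log (for example `snort $params 2>&1 | tee startup.log` and then `parse_snort_startup(open("startup.log").read())`); the sample above yields two findings, both about the flowbits counters, and no validation warnings.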