Snort mailing list archives
Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq
From: "Russ Combs (rucombs) via Snort-users" <snort-users () lists snort org>
Date: Thu, 10 Oct 2019 02:37:54 +0000
Does Ctrl+C exit normally with the NFQ DAQ without reload?
From: sofardware <sofardware () 126 com>
Date: Wednesday, October 9, 2019 at 10:13 PM
To: "Tom Peters (thopeter)" <thopeter () cisco com>
Cc: "Shravan Rangarajuvenkata (shrarang)" <shrarang () cisco com>, "Snort-users () lists snort org" <Snort-users () lists snort org>, "Russ Combs (rucombs)" <rucombs () cisco com>
Subject: Help please!!! snort_build261 can not reload config successfully with daq in nfq
Hi,
I am anxious to resolve this problem. Please give me some help. Thank you very much.
I have read the README file in snort3 and DAQ, and did not find useful info for this problem.
-----------------------
Hi,
I need help for this:
snort_build261 can not reload config successfully with daq in nfq, and also can not be exited by pressing the keys “Ctrl+C”.
But it works well with a daq that is not nfq.
[root@localhost build]# /usr/local/snort261/bin/snort --daq-dir /usr/local/lib/daq/ --daq nfq -i 1 -c /usr/local/snort261/etc/snort/snort.lua --shell -j
--------------------------------------------------
o")~ Snort++ 3.0.0-261
--------------------------------------------------
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
ssh
host_cache
pop
binder
stream_tcp
network
gtp_inspect
packets
dce_http_proxy
stream_icmp
normalizer
ftp_server
stream_udp
search_engine
ips
dce_smb
latency
wizard
appid
file_id
ftp_data
hosts
smtp
port_scan
dce_http_server
modbus
dce_tcp
telnet
host_tracker
ssl
sip
rpc_decode
http2_inspect
http_inspect
back_orifice
stream_user
stream_ip
classifications
dnp3
active
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
dns
dce_udp
imap
process
stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
--------------------------------------------------
/usr/local/lib/daq//daq_afpacket.so: Module API version (0x10007) differs from expected version (0x30001)
/usr/local/lib/daq//daq_afpacket.so: Failed to register DAQ module.
/usr/local/lib/daq//daq_ipfw.so: Module API version (0x10007) differs from expected version (0x30001)
/usr/local/lib/daq//daq_ipfw.so: Failed to register DAQ module.
nfq DAQ configured to passive.
Commencing packet processing
Entering command shell
o")~
++ [0] 1
reload_config('/usr/local/snort261/etc/snort/snort.lua')
.. reloading configuration
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
ssh
host_cache
pop
binder
stream_tcp
network
gtp_inspect
packets
dce_http_proxy
stream_icmp
normalizer
ftp_server
stream_udp
search_engine
ips
dce_smb
latency
wizard
appid
file_id
ftp_data
hosts
smtp
port_scan
dce_http_server
modbus
dce_tcp
telnet
host_tracker
ssl
sip
rpc_decode
http2_inspect
http_inspect
back_orifice
stream_user
stream_ip
classifications
dnp3
active
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
dns
dce_udp
imap
process
stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
0 hosts loaded
reload_config('/usr/local/snort261/etc/snort/snort.lua')
== reload pending; retry
^C** caught int signal
== stopping
^C** caught int signal
== stopping
^C** caught int signal
== stopping
^C** caught int signal
== stopping
==============================================================================no nfq================
[root@localhost build]# /usr/local/snort261/bin/snort --daq-dir /usr/local/lib/daq/ -i eth0 -c /usr/local/snort261/etc/snort/snort.lua --shell -j
--------------------------------------------------
o")~ Snort++ 3.0.0-261
--------------------------------------------------
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
ssh
host_cache
pop
binder
stream_tcp
network
gtp_inspect
packets
dce_http_proxy
stream_icmp
normalizer
ftp_server
stream_udp
search_engine
ips
dce_smb
latency
wizard
appid
file_id
ftp_data
hosts
smtp
port_scan
dce_http_server
modbus
dce_tcp
telnet
host_tracker
ssl
sip
rpc_decode
http2_inspect
http_inspect
back_orifice
stream_user
stream_ip
classifications
dnp3
active
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
dns
dce_udp
imap
process
stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
--------------------------------------------------
/usr/local/lib/daq//daq_afpacket.so: Module API version (0x10007) differs from expected version (0x30001)
/usr/local/lib/daq//daq_afpacket.so: Failed to register DAQ module.
/usr/local/lib/daq//daq_ipfw.so: Module API version (0x10007) differs from expected version (0x30001)
/usr/local/lib/daq//daq_ipfw.so: Failed to register DAQ module.
pcap DAQ configured to passive.
Commencing packet processing
Entering command shell
o")~
++ [0] eth0
reload_config('/usr/local/snort261/etc/snort/snort.lua')
.. reloading configuration
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
ssh
host_cache
pop
binder
stream_tcp
network
gtp_inspect
packets
dce_http_proxy
stream_icmp
normalizer
ftp_server
stream_udp
search_engine
ips
dce_smb
latency
wizard
appid
file_id
ftp_data
hosts
smtp
port_scan
dce_http_server
modbus
dce_tcp
telnet
host_tracker
ssl
sip
rpc_decode
http2_inspect
http_inspect
back_orifice
stream_user
stream_ip
classifications
dnp3
active
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
dns
dce_udp
imap
process
stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
0 hosts loaded
.. swapping configuration
== reload complete
o")~
