[Snort-devel] Minor notes snort-3.0.0-a1

Y M snort at ...3347...
Sat Dec 13 04:28:07 EST 2014


1. Difference in performance profiling configuration option when building snort with cmake vs. autotools:    cmake accepts enable-perfprofiling but not enable-perf-profiling    autotools accepts enable-perf-profiling but not enable-perfprofiling
2. When running snort, a fatal error may be generated:     FATAL: can't init /usr/local/snort/etc/snort.lua: /usr/local/snort/etc/snort.lua:22: module 'snort_config' not found:	no field package.preload['snort_config']	no file './snort_config.lua'	no file '/usr/local/share/luajit-2.0.3/snort_config.lua'	no file '/usr/local/share/lua/5.1/snort_config.lua'	no file '/usr/local/share/lua/5.1/snort_config/init.lua'	no file './snort_config.so'	no file '/usr/local/lib/lua/5.1/snort_config.so'	no file '/usr/local/lib/lua/5.1/loadall.so'      Fatal Error, Quitting..
    snort_config.lua is not copied to /etc when installing snort. Manually copying snort_config.lua to /etc fixes the issue. 
3. Difference in dump_stats() when running with --shell and dump_stats() after running quit():        o")~ dump_stats()--------------------------------------------------Packet Statistics--------------------------------------------------daq                    pcaps: 1--------------------------------------------------Module Statistics--------------------------------------------------Summary Statistics--------------------------------------------------process           local commands: 12o")~ 
o")~ quit()== stoppingo")~ -- [0] eth0--------------------------------------------------Packet Statistics--------------------------------------------------daq                    pcaps: 1                 received: 118                 analyzed: 118                    allow: 118                     idle: 2--------------------------------------------------codec                    total: 122         	(100.000%)                 discards: 18          	( 14.754%)                      arp: 2           	(  1.639%)                      eth: 122         	(100.000%)                    icmp4: 78          	( 63.934%)                     ipv4: 120         	( 98.361%)                      tcp: 36          	( 29.508%)                      udp: 6           	(  4.918%)--------------------------------------------------Module Statistics--------------------------------------------------back_orifice                  packets: 3--------------------------------------------------binder                  packets: 8                 inspects: 8--------------------------------------------------perf_monitor                  packets: 100--------------------------------------------------port_scan_global                  packets: 98--------------------------------------------------stream                tcp flows: 4                udp flows: 3               icmp flows: 1--------------------------------------------------stream_icmp                  created: 1                 released: 1--------------------------------------------------stream_tcp                 sessions: 4                 timeouts: 2            data trackers: 4         trackers created: 4        trackers released: 4              segs queued: 5            segs released: 5          client cleanups: 4--------------------------------------------------stream_udp                 sessions: 3                  created: 3                 released: 3--------------------------------------------------tcp       bad checksum (ip4): 15--------------------------------------------------udp       bad checksum (ip4): 3--------------------------------------------------Summary Statistics--------------------------------------------------detection                 analyzed: 118--------------------------------------------------process           local commands: 15--------------------------------------------------timing                  runtime: 00:02:49                  seconds: 169.467279                  packets: 118                 pkts/sec: 0o")~   Snort exiting
Thanks.Yaser 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20141213/a9d93c69/attachment.html>


More information about the Snort-devel mailing list