[Snort-devel] Minor notes snort-3.0.0-a1

Russ Combs (rucombs) rucombs at ...3461...
Sat Dec 13 07:02:08 EST 2014


Thanks for the report.  Comments below.

________________________________
From: Y M [snort at ...3347...]
Sent: Saturday, December 13, 2014 4:28 AM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Minor notes snort-3.0.0-a1

1. Difference in performance profiling configuration option when building snort with cmake vs. autotools:
    cmake accepts enable-perfprofiling but not enable-perf-profiling
    autotools accepts enable-perf-profiling but not enable-perfprofiling

* We will get cmake updated to match autotools here.

2. When running snort, a fatal error may be generated:
     FATAL: can't init /usr/local/snort/etc/snort.lua: /usr/local/snort/etc/snort.lua:22: module 'snort_config' not found:
no field package.preload['snort_config']
no file './snort_config.lua'
no file '/usr/local/share/luajit-2.0.3/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config/init.lua'
no file './snort_config.so'
no file '/usr/local/lib/lua/5.1/snort_config.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
      Fatal Error, Quitting..

    snort_config.lua is not copied to /etc when installing snort. Manually copying snort_config.lua to /etc fixes the issue.

* Did you export LUA_PATH to point to the directory where snort_config.lua is installed?  LUA_PATH is for required files, i.e. files loaded by LuaJIT automatically, whereas SNORT_LUA_PATH is for Snort configuration include paths.  The two are distinct and must be set correctly.

3. Difference in dump_stats() when running with --shell and dump_stats() after running quit():

* This is a known issue already on the todo list.  Glad to see someone actually tried it.  :)

    o")~
dump_stats()
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
                    pcaps: 1
--------------------------------------------------
Module Statistics
--------------------------------------------------
Summary Statistics
--------------------------------------------------
process
           local commands: 12
o")~

o")~
quit()
== stopping
o")~
-- [0] eth0
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
                    pcaps: 1
                 received: 118
                 analyzed: 118
                    allow: 118
                     idle: 2
--------------------------------------------------
codec
                    total: 122         (100.000%)
                 discards: 18           ( 14.754%)
                      arp: 2           (  1.639%)
                      eth: 122         (100.000%)
                    icmp4: 78           ( 63.934%)
                     ipv4: 120         ( 98.361%)
                      tcp: 36           ( 29.508%)
                      udp: 6           (  4.918%)
--------------------------------------------------
Module Statistics
--------------------------------------------------
back_orifice
                  packets: 3
--------------------------------------------------
binder
                  packets: 8
                 inspects: 8
--------------------------------------------------
perf_monitor
                  packets: 100
--------------------------------------------------
port_scan_global
                  packets: 98
--------------------------------------------------
stream
                tcp flows: 4
                udp flows: 3
               icmp flows: 1
--------------------------------------------------
stream_icmp
                  created: 1
                 released: 1
--------------------------------------------------
stream_tcp
                 sessions: 4
                 timeouts: 2
            data trackers: 4
         trackers created: 4
        trackers released: 4
              segs queued: 5
            segs released: 5
          client cleanups: 4
--------------------------------------------------
stream_udp
                 sessions: 3
                  created: 3
                 released: 3
--------------------------------------------------
tcp
       bad checksum (ip4): 15
--------------------------------------------------
udp
       bad checksum (ip4): 3
--------------------------------------------------
Summary Statistics
--------------------------------------------------
detection
                 analyzed: 118
--------------------------------------------------
process
           local commands: 15
--------------------------------------------------
timing
                  runtime: 00:02:49
                  seconds: 169.467279
                  packets: 118
                 pkts/sec: 0
o")~   Snort exiting

Thanks.
Yaser
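
Added example, not part of the original thread or of Snort: a shell helper that mimics how Lua expands `?` search templates (the ones listed in the fatal error above), so a LUA_PATH value can be checked before starting Snort. The function name and the scratch directory are assumptions made for the demonstration.

```shell
#!/bin/sh
# resolve_lua_module TEMPLATES MODULE
# TEMPLATES is a LUA_PATH-style string: ';'-separated entries in which every
# '?' is replaced by the module name. Prints the first existing file and
# returns 0, or returns 1 if no template matches (Lua's "module not found").
resolve_lua_module() {
    templates=$1
    # Lua maps dots in a module name to directory separators.
    modpath=$(printf '%s' "$2" | tr '.' '/')
    old_ifs=$IFS
    IFS=';'
    set -f                      # no globbing: '?' must stay literal
    for tmpl in $templates; do
        # An empty entry (';;') means "default path" to Lua; skipped here.
        [ -n "$tmpl" ] || continue
        candidate=$(printf '%s' "$tmpl" | sed "s|?|$modpath|g")
        if [ -f "$candidate" ]; then
            IFS=$old_ifs
            set +f
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    IFS=$old_ifs
    set +f
    return 1
}

# Constructed demo: a scratch directory stands in for /usr/local/snort/etc.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/etc"
: > "$demo_dir/etc/snort_config.lua"

# Default-style templates only: reproduces the "not found" case.
resolve_lua_module "$demo_dir/share/lua/5.1/?.lua;$demo_dir/share/lua/5.1/?/init.lua" \
    snort_config || echo "snort_config: not found"

# A bare directory is not a template, so it never matches a file.
resolve_lua_module "$demo_dir/etc" snort_config || echo "bare directory: not found"

# A '?.lua' template for the config directory resolves the module.
resolve_lua_module "$demo_dir/etc/?.lua" snort_config

rm -rf "$demo_dir"
# With the paths from the report, the matching exports would be:
#   export LUA_PATH='/usr/local/snort/etc/?.lua;;'
#   export SNORT_LUA_PATH=/usr/local/snort/etc
```
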