[Snort-devel] Minor notes snort-3.0.0-a1

Y M snort at ...3347...
Sat Dec 13 07:22:18 EST 2014


Inline please.
From: rucombs at ...3461...
To: snort at ...3347...; snort-devel at lists.sourceforge.net
Subject: RE: [Snort-devel] Minor notes snort-3.0.0-a1
Date: Sat, 13 Dec 2014 12:02:08 +0000







Thanks for the report.  Comments below.





From: Y M [snort at ...3347...]

Sent: Saturday, December 13, 2014 4:28 AM

To: snort-devel at lists.sourceforge.net

Subject: [Snort-devel] Minor notes snort-3.0.0-a1







1. Difference in performance profiling configuration option when building snort with cmake vs. autotools:


    cmake accepts enable-perfprofiling but not enable-perf-profiling

    autotools accepts enable-perf-profiling but not enable-perfprofiling




* We will get cmake updated to match autotools here.
-- Awesome, thanks.





2. When running snort, a fatal error may be generated:

     FATAL: can't init /usr/local/snort/etc/snort.lua: /usr/local/snort/etc/snort.lua:22: module 'snort_config' not found:

no field package.preload['snort_config']

no file './snort_config.lua'

no file '/usr/local/share/luajit-2.0.3/snort_config.lua'

no file '/usr/local/share/lua/5.1/snort_config.lua'

no file '/usr/local/share/lua/5.1/snort_config/init.lua'

no file './snort_config.so'

no file '/usr/local/lib/lua/5.1/snort_config.so'

no file '/usr/local/lib/lua/5.1/loadall.so'

      Fatal Error, Quitting..





    snort_config.lua is not copied to /etc when installing snort. Manually copying snort_config.lua to /etc fixes the issue. 





* Did you export LUA_PATH to point to the directory where snort_config.lua is installed?  LUA_PATH is for required files, i.e. files loaded by LuaJIT automatically, whereas SNORT_LUA_PATH is for Snort configuration include paths.  The two are distinct and must be set correctly.
-- Yes:
dev at ...3545...:~$ echo $LUA_PATH
/usr/local/snort/include/snort/lua/?.lua;;
dev at ...3545...:~$ echo $SNORT_LUA_PATH
/usr/local/snort/etc





3. Difference in dump_stats() when running with --shell and dump_stats() after running quit():





* This is a known issue already on the todo list.  Glad to see someone actually tried it.  :)
-- Glad to know it's a known issue. Thanks.

    

    o")~ 

dump_stats()

--------------------------------------------------

Packet Statistics

--------------------------------------------------

daq

                    pcaps: 1

--------------------------------------------------

Module Statistics

--------------------------------------------------

Summary Statistics

--------------------------------------------------

process

           local commands: 12

o")~ 





o")~ 

quit()

== stopping

o")~ 

-- [0] eth0

--------------------------------------------------

Packet Statistics

--------------------------------------------------

daq

                    pcaps: 1

                 received: 118

                 analyzed: 118

                    allow: 118

                     idle: 2

--------------------------------------------------

codec

                    total: 122        (100.000%)

                 discards: 18         ( 14.754%)

                      arp: 2          (  1.639%)

                      eth: 122        (100.000%)

                    icmp4: 78         ( 63.934%)

                     ipv4: 120        ( 98.361%)

                      tcp: 36         ( 29.508%)

                      udp: 6          (  4.918%)

--------------------------------------------------

Module Statistics

--------------------------------------------------

back_orifice

                  packets: 3

--------------------------------------------------

binder

                  packets: 8

                 inspects: 8

--------------------------------------------------

perf_monitor

                  packets: 100

--------------------------------------------------

port_scan_global

                  packets: 98

--------------------------------------------------

stream

                tcp flows: 4

                udp flows: 3

               icmp flows: 1

--------------------------------------------------

stream_icmp

                  created: 1

                 released: 1

--------------------------------------------------

stream_tcp

                 sessions: 4

                 timeouts: 2

            data trackers: 4

         trackers created: 4

        trackers released: 4

              segs queued: 5

            segs released: 5

          client cleanups: 4

--------------------------------------------------

stream_udp

                 sessions: 3

                  created: 3

                 released: 3

--------------------------------------------------

tcp

       bad checksum (ip4): 15

--------------------------------------------------

udp

       bad checksum (ip4): 3

--------------------------------------------------

Summary Statistics

--------------------------------------------------

detection

                 analyzed: 118

--------------------------------------------------

process

           local commands: 15

--------------------------------------------------

timing

                  runtime: 00:02:49

                  seconds: 169.467279

                  packets: 118

                 pkts/sec: 0

o")~   Snort exiting





Thanks.

Yaser
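
The LUA_PATH check discussed in item 2, as an added example that is not part of the original messages or of Snort: Lua's `require` error lists every path it tried, so this script expands a `LUA_PATH` value for a module and reports the templates that do not appear in that list. The function names are hypothetical, the sample values are copied from the thread, and standard Lua/LuaJIT `package.path` handling is assumed.

```shell
#!/bin/sh
# Added example: compare LUA_PATH templates with the paths a failed
# require() reported. Function names are hypothetical.

# Expand each ';'-separated template in a path string for a module name.
# Empty entries (the ';;' default-path marker) are skipped.
lua_candidates() {   # args: module, path string
    module=$(printf '%s' "$1" | tr . /)   # a.b -> a/b, as require() does
    printf '%s\n' "$2" | tr ';' '\n' | while IFS= read -r tmpl; do
        [ -n "$tmpl" ] || continue
        printf '%s\n' "$tmpl" | sed "s|?|$module|g"
    done
}

# Extract the paths Lua actually tried from "no file '...'" error lines.
searched_paths() {
    sed -n "s/^[[:space:]]*no file '\(.*\)'[[:space:]]*\$/\1/p"
}

# Print every LUA_PATH candidate that is absent from the error's list.
# Exit status 0: all candidates were searched; 1: at least one was not.
missing_from_search() {   # args: module, path string, error text
    tried=$(printf '%s\n' "$3" | searched_paths)
    missing=$(lua_candidates "$1" "$2" | while IFS= read -r cand; do
        printf '%s\n' "$tried" | grep -Fxq -- "$cand" || printf '%s\n' "$cand"
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Sample input: the LUA_PATH value and error text quoted in the thread.
SAMPLE_LUA_PATH='/usr/local/snort/include/snort/lua/?.lua;;'
SAMPLE_ERROR="no field package.preload['snort_config']
no file './snort_config.lua'
no file '/usr/local/share/luajit-2.0.3/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config.lua'
no file '/usr/local/share/lua/5.1/snort_config/init.lua'
no file './snort_config.so'
no file '/usr/local/lib/lua/5.1/snort_config.so'
no file '/usr/local/lib/lua/5.1/loadall.so'"

missing_from_search snort_config "$SAMPLE_LUA_PATH" "$SAMPLE_ERROR" \
    || echo "^ LUA_PATH entries the failing process never searched"
```

A path printed here means the process that raised the error did not have that template in `package.path`, for instance because the variable was set in a different shell or was not exported to it.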




 		 	   		  