[Snort-openappid] [Snort-users] AppId quickstart

Costas Kleopa (ckleopa) ckleopa at ...5...
Fri Oct 24 12:22:58 EDT 2014


Can you confirm if you run:
./configure --enable-open-appid

Below you mentioned: --enable-appid,


Thanks
Costas


On 10/24/14, 12:19 PM, "Joel Esler (jesler)" <jesler at ...5...> wrote:

>Thanks James.
>
>We¹ve posted several blog posts with instructions, videos, etc on the
>Snort.org blog: http://blog.snort.org/search/label/openappid
>
>Please check it out.
>
>J
>
>> On Oct 24, 2014, at 8:40 AM, James <jlay at ...45...> wrote:
>> 
>> So on Ubuntu 1[0-4]:
>> 
>> Download luajit at http://luajit.org/download/LuaJIT-2.0.3.tar.gz (apt
>>package didn¹t get recognized on snort reconfigure).
>> Uncompress, make, sudo make install
>> Download snort-openappid.tar.gz from https://www.snort.org/downloads
>> Uncompress and move the odp dir to somewhere (I chose /opt/share/)
>> Recompile snort with adding --enable-appid, make, sudo make install
>> Add the below to your snort.conf:
>> 
>> preprocessor appid : \
>> 		app_detector_dir /opt/share
>> 
>> Test with sudo snort -T -c snort.conf
>> 
>> Should see:
>> 
>> AppId: adding appIds to list of referred web apps: 1963 1963 1964 1966
>>1969 1970 1972 1973 1975 1976 1977 1978 1979 1980 1981 1983 1984 1985
>>1986 1987 629 882 711 1393 1727 1728 1821 1992 1993 1806 1822 2022 2021
>>2129 2131 1460 1369 1392 2057 2062 1560 665 1458 929 761 2151 2157 2158
>>2159 2162 2019 2072 1508 1063 2261 2664 2690
>> Could not read configuration file /opt/share/custom/userappid.conf
>> LuaJIT: Version LuaJIT 2.0.3
>>   Setting tracker size to 219
>>   TCP Port-Only Services
>> 
>> EnjoyŠsubscribe to the snort-openappid list for more information and
>>help.
>> 
>> James
>> 
>>-------------------------------------------------------------------------
>>-----
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest
>>Snort news!
>





More information about the Snort-openappid mailing list