[Snort-openappid] [Snort-users] AppId quickstart

James jlay at ...45...
Fri Oct 24 12:27:04 EDT 2014


I sure will…thanks a bunch Joel.

James

On Oct 24, 2014, at 10:19, Joel Esler (jesler) <jesler at ...5...> wrote:

> Thanks James.
> 
> We’ve posted several blog posts with instructions, videos, etc. on the Snort.org blog: http://blog.snort.org/search/label/openappid
> 
> Please check it out.
> 
> J
> 
>> On Oct 24, 2014, at 8:40 AM, James <jlay at ...45...> wrote:
>> 
>> So on Ubuntu 1[0-4]:
>> 
>> Download luajit at http://luajit.org/download/LuaJIT-2.0.3.tar.gz (apt package didn’t get recognized on snort reconfigure).
>> Uncompress, make, sudo make install
>> Download snort-openappid.tar.gz from https://www.snort.org/downloads
>> Uncompress and move the odp dir to somewhere (I chose /opt/share/)
>> Recompile snort, adding --enable-appid, make, sudo make install
>> Add the below to your snort.conf:
>> 
>> preprocessor appid : \
>> 		app_detector_dir /opt/share
>> 
>> Test with sudo snort -T -c snort.conf
>> 
>> Should see:
>> 
>> AppId: adding appIds to list of referred web apps: 1963 1963 1964 1966 1969 1970 1972 1973 1975 1976 1977 1978 1979 1980 1981 1983 1984 1985 1986 1987 629 882 711 1393 1727 1728 1821 1992 1993 1806 1822 2022 2021 2129 2131 1460 1369 1392 2057 2062 1560 665 1458 929 761 2151 2157 2158 2159 2162 2019 2072 1508 1063 2261 2664 2690
>> Could not read configuration file /opt/share/custom/userappid.conf
>> LuaJIT: Version LuaJIT 2.0.3
>>  Setting tracker size to 219
>>  TCP Port-Only Services
>> 
>> Enjoy…subscribe to the snort-openappid list for more information and help.
>> 
>> James
> 
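A preflight check for the snort.conf stanza quoted above, to run before `sudo snort -T -c snort.conf` (an added example, not part of the original thread or the Snort project's code). It assumes, as in James's layout, that app_detector_dir names the directory that contains odp/; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the appid preprocessor stanza.
# Assumption (from the layout in the post): app_detector_dir is the
# parent directory that holds the unpacked "odp" directory.
# Call as: appid_preflight path/to/snort.conf

# Print the app_detector_dir value from the appid preprocessor entry,
# joining backslash-continued lines first. Prints nothing if absent.
appid_detector_dir() {
    awk '
        { sub(/\r$/, "") }    # tolerate CRLF line endings
        # A trailing backslash continues the entry on the next line.
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); buf = buf $0; next }
        { line = buf $0; buf = "" }
        # Commented-out entries start with "#" and do not match.
        line ~ /^[ \t]*preprocessor[ \t]+appid[ \t]*:/ {
            n = split(line, f, /[ \t,:]+/)
            for (i = 1; i < n; i++)
                if (f[i] == "app_detector_dir") { print f[i + 1]; exit }
        }
    ' "$1"
}

# Return 0 when the configured directory contains odp/.
# Return 2 when no appid entry is found, 1 when odp/ is missing.
appid_preflight() {
    dir=$(appid_detector_dir "$1")
    if [ -z "$dir" ]; then
        echo "no appid preprocessor with app_detector_dir in $1" >&2
        return 2
    fi
    if [ ! -d "$dir/odp" ]; then
        echo "app_detector_dir $dir has no odp/ directory" >&2
        return 1
    fi
    echo "app_detector_dir=$dir (odp/ present)"
}
```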