[Snort-openappid] Snort 126.96.36.199 and OpenAppID
snort at ...46...
Fri Dec 4 05:52:38 EST 2015
While testing Snort 188.8.131.52 with OpenAppID version 254, the following was observed in Snort output which was not available in previous versions of Snort.
Defaulting to monitoring all Snort traffic for AppID.
Adding 0x00000000-0xFFFFFFFF (0x00000038) with zone -1
Adding ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (0x00000038) with zone -1
AppInfo: AppId 2683 is UNKNOWN
3rd Party Dir: /usr/local/lib/thirdparty
Monitoring Networks for any zone:
Excluded TCP Ports for Src:
Excluded TCP Ports for Dst:
Excluded UDP Ports Src:
Excluded UDP Ports Dst:
WARNING: Directory /usr/local/lib/thirdparty does not exist.
Based on the above output, I have some questions:
1. Where can the "zone" be configured, if even possible? Should the "zone" be tied to $HOME_NET?
2. Is the "custom" directory designation officially replaced with "thirdparty"?
3. Where can the port exclusions be configured, if even possible?
Looking at the currently available documentation, I could not find references to the above items.