[Snort-openappid] Snort exits when using appid

Gabriel Corre gabriel.corre at ...94...
Tue Sep 1 08:30:47 EDT 2015


Hi!

I'm currently working on getting snort working with openappid and I think I'm pretty close.
However, when I launch Snort I get:
Could not read configuration file /usr/local/etc/cisco/app/custom/userappid.conf
LuaJIT: Version LuaJIT 2.0.2
    Setting tracker size to 211
AppInfo: AppId 3861 is UNKNOWN
AppInfo: AppId 3970 is UNKNOWN
AppInfo: AppId 939 is UNKNOWN
AppInfo: AppId 939 is UNKNOWN
AppInfo: AppId 1697 is UNKNOWN
AppInfo: AppId 3971 is UNKNOWN
AppInfo: AppId 3971 is UNKNOWN
    TCP Port-Only Services

And Snort exits without any error message.
I cannot find the "userappid.conf", but I'm not sure this is the problem.


This is my Snort info:
Version 2.9.7.5 GRE (Build 262)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.7.4
           Using PCRE version: 8.30 2012-02-04
           Using ZLIB version: 1.2.7

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.4  <Build 1>
           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
           Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
           Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
           Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
           Preprocessor Object: APPID  Version 1.1  <Build 4>
           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>


Any idea?

Cheers
--

Gabriel Corré
Ingénieur Réseaux, Ops - Core Infrastructure
