[Snort-openappid] Snort exits when using appid
Costas Kleopa (ckleopa)
ckleopa at ...5...
Tue Sep 1 08:48:57 EDT 2015
That userappid file is optional; it should not be the reason for your failure.
Could you send us your snort.conf file, tell us how you build snort, and where your detectors folder is located?
Thanks
Costas
On Sep 1, 2015, at 8:30 AM, Gabriel Corre <gabriel.corre at ...94...> wrote:
Hi !
I’m currently working on getting snort working with openappid and I think I’m pretty close.
However, when I’m launching Snort I get:
Could not read configuration file /usr/local/etc/cisco/app/custom/userappid.conf
LuaJIT: Version LuaJIT 2.0.2
Setting tracker size to 211
AppInfo: AppId 3861 is UNKNOWN
AppInfo: AppId 3970 is UNKNOWN
AppInfo: AppId 939 is UNKNOWN
AppInfo: AppId 939 is UNKNOWN
AppInfo: AppId 1697 is UNKNOWN
AppInfo: AppId 3971 is UNKNOWN
AppInfo: AppId 3971 is UNKNOWN
TCP Port-Only Services
And Snort exits without any error message.
I cannot find the “userappid.conf”, but I am not sure this is the problem.
This is my Snort info:
Version 2.9.7.5 GRE (Build 262)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.7.4
Using PCRE version: 8.30 2012-02-04
Using ZLIB version: 1.2.7
Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 <Build 1>
Preprocessor Object: SF_POP Version 1.0 <Build 1>
Preprocessor Object: SF_SSLPP Version 1.1 <Build 4>
Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1>
Preprocessor Object: SF_SSH Version 1.1 <Build 3>
Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3>
Preprocessor Object: SF_IMAP Version 1.0 <Build 1>
Preprocessor Object: SF_DNP3 Version 1.1 <Build 1>
Preprocessor Object: SF_SMTP Version 1.1 <Build 9>
Preprocessor Object: SF_SDF Version 1.1 <Build 1>
Preprocessor Object: SF_MODBUS Version 1.1 <Build 1>
Preprocessor Object: SF_GTP Version 1.1 <Build 1>
Preprocessor Object: SF_DNS Version 1.1 <Build 4>
Preprocessor Object: SF_SIP Version 1.1 <Build 1>
Preprocessor Object: APPID Version 1.1 <Build 4>
Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13>
Any idea?
Cheers
--
Gabriel Corré
Network Engineer, Ops - Core Infrastructure