[Snort-openappid] Configuration Problem
jim at w4bqp.net
Thu Jun 15 15:27:23 EDT 2017
Fresh off my success yesterday of getting Snort 188.8.131.52 to work in
inline IPS mode, I decided to upgrade to OpenAppID. I used the
All went well until I got to the part where I ran Snort in test mode to
check out my snort.conf changes. (I installed the most current version
of the Application Detector Package (5411).)
All went well until I got to this part:

    Finished Loading all dynamic preprocessor libs from
    Log directory = /var/log/snort
    ERROR: Argument Error in /etc/snort/snort.conf(529): appid_event_types
    Fatal Error, Quitting..

This is the pertinent section of snort.conf:

    # Recommended for most installs
    # output unified2: filename merged.log, limit 128, nostamp,
    output unified2: filename snort.u2, limit 128
    output unified2: filename snort.log, limit 128, appid_event_types

Searching for help in the archives, I discovered that Noah Dietrich had a
similar problem, but it occurred when he was testing Barnyard2. His post
is at: http://seclists.org/snort/2016/q1/290
It didn't appear that he got an answer.
Is there an answer or is OpenAppID broken?
"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin