[Snort-openappid] Configuration Problem

Jim Campbell jim at w4bqp.net
Thu Jun 15 15:27:23 EDT 2017


Fresh off my success yesterday of getting Snort 2.9.9.0 to work in 
inline IPS mode I decided to upgrade to OpenAppID. I used the 
instructions in 
sublimerobots.com/2017/01/installing-openappid-with-snort-2-9-9-x-on-ubuntu/ 
All went well until I got to the part where I ran Snort in test mode to 
check out my snort.conf changes. (I installed the most current version 
of the Application Detector Package (5411).)

All went well until I got to this part:

...
   Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/
Log directory = /var/log/snort
ERROR: Argument Error in /etc/snort/snort.conf(529): appid_event_types
Fatal Error, Quitting..
...

This is the pertinent section of snort.conf:

# unified2
# Recommended for most installs
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
output unified2: filename snort.u2, limit 128
output unified2: filename snort.log, limit 128, appid_event_types

Searching for help in the archives I discovered that Noah Dietrich had a 
similar problem but it occurred when he was testing Barnyard2. His post 
is at:  http://seclists.org/snort/2016/q1/290 It didn't appear that he 
got an answer.

Is there an answer or is OpenAppID broken?

Thanks,

Jim

-- 
"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin



