[Snort-openappid] Configuration Problem

Jim Campbell jim at w4bqp.net
Thu Jun 15 15:27:23 EDT 2017

Fresh off my success yesterday of getting Snort to work in
inline IPS mode, I decided to upgrade to OpenAppID. I used the
instructions in 
All went well until I got to the part where I ran Snort in test mode to 
check out my snort.conf changes. (I installed the most current version 
of the Application Detector Package (5411).)

All went well until I got to this part:

   Finished Loading all dynamic preprocessor libs from 
Log directory = /var/log/snort
ERROR: Argument Error in /etc/snort/snort.conf(529): appid_event_types
Fatal Error, Quitting..

This is the pertinent section of snort.conf:

# unified2
# Recommended for most installs
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
output unified2: filename snort.u2, limit 128
output unified2: filename snort.log, limit 128, appid_event_types

Searching for help in the archives, I discovered that Noah Dietrich had a
similar problem, but it occurred when he was testing Barnyard2. His post
is at: http://seclists.org/snort/2016/q1/290
It didn't appear that he got an answer.

Is there an answer or is OpenAppID broken?



"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin
