[Snort-openappid] Create a custom Lua detector
emil.suleymanli at ...145...
Mon Mar 13 14:43:54 EDT 2017
I am trying to create a custom Lua detector for OpenAppID to detect the applications used (based on URLs; so for websites). As an example, I created the Lua detector shown in the guide: https://s3.amazonaws.com/snort-org-site/production/release_files/files/000/005/047/original/OpenDetectorDeveloperGuide.pdf?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1489415541&Signature=gAAwWqtfi33BBX4rrUup%2BrkhWls%3D
I named the detector payload_example.lua and placed it under /usr/local/etc/snort/appid/custom/lua on pfSense. I restarted Snort, and to test visited the webpage. However, in the app-stats logs the result is shown as "appName=unknown" just as it was before I created this custom detector.
Could anyone please let me know what I am missing, and why I cannot see the app name in the logs, but instead unknown?
Thanks in advance!