<div><div>Are using custom appid detectors? If yes, then you need to create the userappid.conf such as:</div><div><br></div><div>touch /path/to/appid/custom/userappid.conf</div><div><br></div><div>It does not need to be filled with anything.</div><div><br><div class="acompli_signature">Sent from Mobile</div><br></div></div>
    <div class="gmail_quote">_____________________________<br>From: Gabriel Corre <<a href="mailto:gabriel.corre@...94..." x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="1">gabriel.corre@...94...</a>><br>Sent: Tuesday, September 1, 2015 3:32 PM<br>Subject: [Snort-openappid] Snort exits when using appid<br>To:  <<a href="mailto:snort-openappid@lists.sourceforge.net" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="3">snort-openappid@lists.sourceforge.net</a>><br><br><br>    <meta content="text/html; charset=iso-8859-1">   <meta name="Generator" content="Microsoft Word 15 (filtered medium)">   <style><!--/* Font Definitions */@font-face     {font-family:"Cambria Math";  panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face        {font-family:Calibri;   panose-1:2 15 5 2 2 2 4 3 2 4;}/* Style Definitions */p.MsoNormal, li.MsoNormal, div.MsoNormal  {margin:0cm;    margin-bottom:.0001pt;  font-size:11.0pt;       font-family:"Calibri",sans-serif;     mso-fareast-language:EN-US;}a:link, span.MsoHyperlink   {mso-style-priority:99; color:#0563C1;  text-decoration:underline;}a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:#954F72;  text-decoration:underline;}span.EmailStyle17    {mso-style-type:personal-compose;       font-family:"Calibri",sans-serif;     color:windowtext;}.MsoChpDefault        {mso-style-type:export-only;    font-family:"Calibri",sans-serif;     mso-fareast-language:EN-US;}@page WordSection1  {size:612.0pt 792.0pt;  margin:70.85pt 70.85pt 70.85pt 70.85pt;}div.WordSection1        {page:WordSection1;}--></style>       <div class="WordSection1">    <p class="MsoNormal"><span lang="EN-US">Hi !<br> <br> I’m currently working on getting snort working with openappid and I think I’m pretty close.<br> However, when I’m launching Snort I get :<br> Could not read configuration file /usr/local/etc/cisco/app/custom/userappid.conf</span></p>    <p class="MsoNormal"><span lang="EN-US">LuaJIT: Version LuaJIT 2.0.2</span></p>    <p class="MsoNormal"><span lang="EN-US">    Setting tracker size to 211</span></p>    <p class="MsoNormal"><span lang="EN-US">AppInfo: AppId 3861 is UNKNOWN</span></p>    <p class="MsoNormal"><span lang="EN-US">AppInfo: AppId 3970 is UNKNOWN</span></p>    <p class="MsoNormal"><span lang="EN-US">AppInfo: AppId 939 is UNKNOWN</span></p>    <p class="MsoNormal"><span lang="EN-US">AppInfo: AppId 939 is UNKNOWN</span></p>    <p class="MsoNormal"><span lang="EN-US">AppInfo: AppId 1697 is UNKNOWN</span></p>    <p class="MsoNormal"><span lang="EN-US">AppInfo: AppId 3971 is UNKNOWN</span></p>    <p class="MsoNormal"><span lang="EN-US">AppInfo: AppId 3971 is UNKNOWN</span></p>    <p class="MsoNormal"><span lang="EN-US">    TCP Port-Only Services</span></p>    <p class="MsoNormal"><span lang="EN-US"> </span></p>    <p class="MsoNormal"><span lang="EN-US">And Snort exits whithout any error message.<br> I cannot find the “userappid.conf” but not sure this is the pb.<br> <br> </span></p>    <p class="MsoNormal"><span lang="EN-US"> </span></p>    <p class="MsoNormal"><span lang="EN-US">This is my Snort info :</span></p>    <p class="MsoNormal"><span lang="EN-US">Version 2.9.7.5 GRE (Build 262)</span></p>    <p class="MsoNormal"><span lang="EN-US">   ''''    By Martin Roesch & The Snort Team: <a href="http://www.snort.org/contact#team" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="5">http://www.snort.org/contact#team</a></span></p>    <p class="MsoNormal"><span lang="EN-US">           Copyright (C) <a href="tel:2014-2015" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="6">2014-2015</a> Cisco and/or its affiliates. All rights reserved.</span></p>    <p class="MsoNormal"><span lang="EN-US">           Copyright (C) <a href="tel:1998-2013" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="7">1998-2013</a> Sourcefire, Inc., et al.</span></p>    <p class="MsoNormal"><span lang="EN-US">           Using libpcap version 1.7.4</span></p>    <p class="MsoNormal"><span lang="EN-US">           Using PCRE version: 8.30 2012-02-04</span></p>    <p class="MsoNormal"><span lang="EN-US">           Using ZLIB version: 1.2.7</span></p>    <p class="MsoNormal"><span lang="EN-US"> </span></p>    <p class="MsoNormal"><span lang="EN-US">           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.4  <Build 1></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_POP  Version 1.0  <Build 1></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_SSH  Version 1.1  <Build 3></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_SDF  Version 1.1  <Build 1></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_GTP  Version 1.1  <Build 1></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_DNS  Version 1.1  <Build 4></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_SIP  Version 1.1  <Build 1></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: APPID  Version 1.1  <Build 4></span></p>    <p class="MsoNormal"><span lang="EN-US">           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13></span></p>    <p class="MsoNormal"><span lang="EN-US"> </span></p>    <p class="MsoNormal"><span lang="EN-US"> </span></p>    <p class="MsoNormal"><span lang="EN-US">Any Idea?<br> <br> Cheers</span></p>    <p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:FR">--</span></p>    <p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:FR"> </span></p>    <p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:FR">Gabriel Corré</span></p>    <p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:FR">Ingénieur Réseaux, Ops - Core Infrastructure</span></p>    <p class="MsoNormal"><span lang="EN-US"> </span></p>   </div>    <br><br></div>