[Snort-users] appid in Snort failure

Gabriel Corre gabriel.corre at ...17281...
Mon Aug 31 10:18:26 EDT 2015


Okay, that was it thanks.
I'm getting close but still got this after launching "snort -c /usr/local/etc/snort/snort.conf -I eth0" :

Could not read configuration file /usr/local/etc/cisco/app/custom/userappid.conf
LuaJIT: Version LuaJIT 2.0.2
    Setting tracker size to 211
AppInfo: AppId 3861 is UNKNOWN
AppInfo: AppId 3970 is UNKNOWN
AppInfo: AppId 939 is UNKNOWN
AppInfo: AppId 939 is UNKNOWN
AppInfo: AppId 1697 is UNKNOWN
AppInfo: AppId 3971 is UNKNOWN
AppInfo: AppId 3971 is UNKNOWN

And snort exits without any errors.

I don't have a directory "custom" I just have a "/usr/local/etc/cisco/app/odp" and I can't find userappid.conf either.
I checked "appMapping.data" file and these AppId are not defined but I don't think this is why Snort is exiting.

Cheers

--

Gabriel Corré
Élève Ingénieur Réseaux & Sécurité, Ops - Core Infrastructure

De : Al Lewis (allewi) [mailto:allewi at ...589...]
Envoyé : lundi 31 août 2015 15:23
À : Gabriel Corre <gabriel.corre at ...17281...>; snort-users at ...2987...rge.net
Objet : RE: appid in Snort failure

Try doing a:

sudo apt-cache search lua


And the lua dev libraries should be there.

liblua5.1-0-dev - Development files for the Lua language version 5.1
liblua5.2-dev - Development files for the Lua language version 5.2


alewis at ...17165...:~$ uname -a
Linux lil-debbie-7 3.2.0-4-486 #1 Debian 3.2.65-1+deb7u1 i686 GNU/Linux






Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...<mailto:allewi at ...589...>

From: Gabriel Corre [mailto:gabriel.corre at ...17281...]
Sent: Monday, August 31, 2015 9:08 AM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] appid in Snort failure

Hello,

I'm trying to include appid preprocessor in Snort so I installed LuaJIT-2.0.2 as recommended. Then I launched "./configure -enable-sourcefire -enable-open-appid" but I get "ERROR! LuaJIT library not found."
I did some research but didn't find anything really interesting.
Maybe I need some lib like "libluajit-dev" or something like this but I didn't find any.
Any ideas ?

Cheers,

--

Gabriel Corré
Élève Ingénieur Réseaux & Sécurité, Ops - Core Infrastructure

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150831/370c1df1/attachment.html>


More information about the Snort-users mailing list