[Snort-users] appid errors after missing file of manual

Chihwah Li chihwahli at gmail.com
Mon May 13 18:16:20 EDT 2019


What I am trying to do: install AppID from:

https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/138/original/Snort_3.0.0-a4-245_on_Ubuntu_14_16_18.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20190513%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190513T174310Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=440a05570e25f4ca2e4183f853fa717646a9c125ca2b5b8a7569a247e19cba30

Does not work in your guide:
wget https://www.snort.org/downloads/openappid/7630 -O OpenAppId-7630.tar.gz


I improvised and changed to:
wget https://www.snort.org/downloads/openappid/10229 -O snort-openappid.tar.gz


But after trying out with $ snort -c /usr/local/etc/snort/snort.lua --warn-all

I receive the errors:

o")~   Snort++ 3.0.0-255
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
     ssh
     host_cache
     pop
     binder
     stream_tcp
     network
     gtp_inspect
     packets
     dce_http_proxy
     stream_icmp
     normalizer
     ftp_server
     stream_udp
     search_engine
     ips
     dce_smb
     latency
     wizard
     appid
     file_id
     ftp_data
     hosts
     smtp
     port_scan
     dce_http_server
     modbus
     dce_tcp
     telnet
     host_tracker
     ssl
     sip
     rpc_decode
     http2_inspect
     http_inspect
     back_orifice
     stream_user
     stream_ip
     classifications
     dnp3
     active
     ftp_client
     daq
     decode
     alerts
     stream
     references
     arp_spoof
     output
     dns
     dce_udp
     imap
     process
     stream_file
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
rule counts
        total rules loaded: 476
             builtin rules: 476
             option chains: 476
             chain headers: 1
--------------------------------------------------
port rule counts
              tcp     udp    icmp      ip
      any     476       0       0       0
    total     476       0       0       0
WARNING: appid: no lua detectors found in directory '/usr/local/lib/custom/lua/*'
WARNING: appid: no entry in appMapping.data for 3588
WARNING: appid: no entry in appMapping.data for 3589
WARNING: appid: no entry in appMapping.data for 110
WARNING: appid: no entry in appMapping.data for 276
WARNING: appid: no entry in appMapping.data for 65
WARNING: appid: no entry in appMapping.data for 65
WARNING: appid: no entry in appMapping.data for 131
WARNING: appid: no entry in appMapping.data for 131
WARNING: appid: no entry in appMapping.data for 41
WARNING: appid: no entry in appMapping.data for 41
WARNING: appid: no entry in appMapping.data for 115
WARNING: appid: no entry in appMapping.data for 115
WARNING: appid: no entry in appMapping.data for 3834
WARNING: appid: no entry in appMapping.data for 3834
WARNING: appid: no entry in appMapping.data for 197
WARNING: appid: no entry in appMapping.data for 197
WARNING: appid: no entry in appMapping.data for 199
WARNING: appid: no entry in appMapping.data for 199
WARNING: appid: no entry in appMapping.data for 228
WARNING: appid: no entry in appMapping.data for 228
WARNING: appid: no entry in appMapping.data for 227
WARNING: appid: no entry in appMapping.data for 227
WARNING: appid: no entry in appMapping.data for 249
WARNING: appid: no entry in appMapping.data for 249
WARNING: appid: no entry in appMapping.data for 3197
WARNING: appid: no entry in appMapping.data for 3197
WARNING: appid: no entry in appMapping.data for 300
WARNING: appid: no entry in appMapping.data for 300
WARNING: appid: no entry in appMapping.data for 290
WARNING: appid: no entry in appMapping.data for 290
WARNING: appid: no entry in appMapping.data for 302
WARNING: appid: no entry in appMapping.data for 302
WARNING: appid: no entry in appMapping.data for 291
WARNING: appid: no entry in appMapping.data for 291
WARNING: appid: no entry in appMapping.data for 337
WARNING: appid: no entry in appMapping.data for 337
WARNING: appid: no entry in appMapping.data for 339
WARNING: appid: no entry in appMapping.data for 339
WARNING: appid: no entry in appMapping.data for 358
WARNING: appid: no entry in appMapping.data for 358
WARNING: appid: no entry in appMapping.data for 361
WARNING: appid: no entry in appMapping.data for 361
WARNING: appid: no entry in appMapping.data for 383
WARNING: appid: no entry in appMapping.data for 383
WARNING: appid: no entry in appMapping.data for 384
WARNING: appid: no entry in appMapping.data for 384
WARNING: appid: no entry in appMapping.data for 385
WARNING: appid: no entry in appMapping.data for 385
WARNING: appid: no entry in appMapping.data for 843
WARNING: appid: no entry in appMapping.data for 843
WARNING: appid: no entry in appMapping.data for 3938
WARNING: appid: no entry in appMapping.data for 388
WARNING: appid: no entry in appMapping.data for 388
WARNING: appid: no entry in appMapping.data for 419
WARNING: appid: no entry in appMapping.data for 419
WARNING: appid: no entry in appMapping.data for 418
WARNING: appid: no entry in appMapping.data for 418
WARNING: appid: no entry in appMapping.data for 439
WARNING: appid: no entry in appMapping.data for 439
WARNING: appid: no entry in appMapping.data for 434
WARNING: appid: no entry in appMapping.data for 434
WARNING: appid: no entry in appMapping.data for 437
WARNING: appid: no entry in appMapping.data for 437
WARNING: appid: no entry in appMapping.data for 3396
WARNING: appid: no entry in appMapping.data for 3396
WARNING: appid: no entry in appMapping.data for 513
WARNING: appid: no entry in appMapping.data for 513
WARNING: appid: no entry in appMapping.data for 2313
WARNING: appid: no entry in appMapping.data for 2313
WARNING: appid: no entry in appMapping.data for 90
WARNING: appid: no entry in appMapping.data for 90
--------------------------------------------------
pcap DAQ configured to passive.

Snort successfully validated the configuration (with 72 warnings).

--------------------------------------------------

Because of the file that I could not find, the installation outcome is different. No idea how to fix it.

What can I do? Thank you in advance.

Kindest regards,

Chihwah Li

