[Snort-users] appid errors after missing file of manual

Dorian ROSSE dorianbrice at hotmail.fr
Wed May 15 06:23:58 EDT 2019


Hello, before removing odp, go to /usr/local, then in local do mkdir cisco, then go to the cisco folder, then mkdir apps

Finally, go to your ‘odp’ folder to do cp */* /usr/local/cisco/apps, then do rm -rf odp

Have you done what I advised?

Have a nice day,

Regards.


Dorian ROSSE.

Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10

________________________________
From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of Chihwah Li via Snort-users <snort-users at lists.snort.org>
Sent: Tuesday, May 14, 2019 12:16:20 AM
To: snort-users at lists.snort.org
Subject: [Snort-users] appid errors after missing file of manual



What I am trying to do, install AppID from:

https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/138/original/Snort_3.0.0-a4-245_on_Ubuntu_14_16_18.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20190513%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190513T174310Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=440a05570e25f4ca2e4183f853fa717646a9c125ca2b5b8a7569a247e19cba30

Does not work in your guide:
wget https://www.snort.org/downloads/openappid/7630 -O OpenAppId-7630.tar.gz


I improvised and changed to:
wget https://www.snort.org/downloads/openappid/10229 -O snort-openappid.tar.gz


But after trying out with $ snort -c /usr/local/etc/snort/snort.lua --warn-all

I receive the errors:

o")~   Snort++ 3.0.0-255
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
    ssh
    host_cache
    pop
    binder
    stream_tcp
    network
    gtp_inspect
    packets
    dce_http_proxy
    stream_icmp
    normalizer
    ftp_server
    stream_udp
    search_engine
    ips
    dce_smb
    latency
    wizard
    appid
    file_id
    ftp_data
    hosts
    smtp
    port_scan
    dce_http_server
    modbus
    dce_tcp
    telnet
    host_tracker
    ssl
    sip
    rpc_decode
    http2_inspect
    http_inspect
    back_orifice
    stream_user
    stream_ip
    classifications
    dnp3
    active
    ftp_client
    daq
    decode
    alerts
    stream
    references
    arp_spoof
    output
    dns
    dce_udp
    imap
    process
    stream_file
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
rule counts
       total rules loaded: 476
            builtin rules: 476
            option chains: 476
            chain headers: 1
--------------------------------------------------
port rule counts
             tcp     udp    icmp      ip
     any     476       0       0       0
   total     476       0       0       0
WARNING: appid: no lua detectors found in directory '/usr/local/lib/custom/lua/*'
WARNING: appid: no entry in appMapping.data for 3588
WARNING: appid: no entry in appMapping.data for 3589
WARNING: appid: no entry in appMapping.data for 110
WARNING: appid: no entry in appMapping.data for 276
WARNING: appid: no entry in appMapping.data for 65
WARNING: appid: no entry in appMapping.data for 65
WARNING: appid: no entry in appMapping.data for 131
WARNING: appid: no entry in appMapping.data for 131
WARNING: appid: no entry in appMapping.data for 41
WARNING: appid: no entry in appMapping.data for 41
WARNING: appid: no entry in appMapping.data for 115
WARNING: appid: no entry in appMapping.data for 115
WARNING: appid: no entry in appMapping.data for 3834
WARNING: appid: no entry in appMapping.data for 3834
WARNING: appid: no entry in appMapping.data for 197
WARNING: appid: no entry in appMapping.data for 197
WARNING: appid: no entry in appMapping.data for 199
WARNING: appid: no entry in appMapping.data for 199
WARNING: appid: no entry in appMapping.data for 228
WARNING: appid: no entry in appMapping.data for 228
WARNING: appid: no entry in appMapping.data for 227
WARNING: appid: no entry in appMapping.data for 227
WARNING: appid: no entry in appMapping.data for 249
WARNING: appid: no entry in appMapping.data for 249
WARNING: appid: no entry in appMapping.data for 3197
WARNING: appid: no entry in appMapping.data for 3197
WARNING: appid: no entry in appMapping.data for 300
WARNING: appid: no entry in appMapping.data for 300
WARNING: appid: no entry in appMapping.data for 290
WARNING: appid: no entry in appMapping.data for 290
WARNING: appid: no entry in appMapping.data for 302
WARNING: appid: no entry in appMapping.data for 302
WARNING: appid: no entry in appMapping.data for 291
WARNING: appid: no entry in appMapping.data for 291
WARNING: appid: no entry in appMapping.data for 337
WARNING: appid: no entry in appMapping.data for 337
WARNING: appid: no entry in appMapping.data for 339
WARNING: appid: no entry in appMapping.data for 339
WARNING: appid: no entry in appMapping.data for 358
WARNING: appid: no entry in appMapping.data for 358
WARNING: appid: no entry in appMapping.data for 361
WARNING: appid: no entry in appMapping.data for 361
WARNING: appid: no entry in appMapping.data for 383
WARNING: appid: no entry in appMapping.data for 383
WARNING: appid: no entry in appMapping.data for 384
WARNING: appid: no entry in appMapping.data for 384
WARNING: appid: no entry in appMapping.data for 385
WARNING: appid: no entry in appMapping.data for 385
WARNING: appid: no entry in appMapping.data for 843
WARNING: appid: no entry in appMapping.data for 843
WARNING: appid: no entry in appMapping.data for 3938
WARNING: appid: no entry in appMapping.data for 388
WARNING: appid: no entry in appMapping.data for 388
WARNING: appid: no entry in appMapping.data for 419
WARNING: appid: no entry in appMapping.data for 419
WARNING: appid: no entry in appMapping.data for 418
WARNING: appid: no entry in appMapping.data for 418
WARNING: appid: no entry in appMapping.data for 439
WARNING: appid: no entry in appMapping.data for 439
WARNING: appid: no entry in appMapping.data for 434
WARNING: appid: no entry in appMapping.data for 434
WARNING: appid: no entry in appMapping.data for 437
WARNING: appid: no entry in appMapping.data for 437
WARNING: appid: no entry in appMapping.data for 3396
WARNING: appid: no entry in appMapping.data for 3396
WARNING: appid: no entry in appMapping.data for 513
WARNING: appid: no entry in appMapping.data for 513
WARNING: appid: no entry in appMapping.data for 2313
WARNING: appid: no entry in appMapping.data for 2313
WARNING: appid: no entry in appMapping.data for 90
WARNING: appid: no entry in appMapping.data for 90
--------------------------------------------------
pcap DAQ configured to passive.

Snort successfully validated the configuration (with 72 warnings).

----------------------- ---------------------------------------------------------------------------------------

Because of the file that I could not find, the installation outcome is different. No idea how to fix it.

What can I do? Thank you in advance.

Kindest regards,

Chihwah Li
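
Added example, not part of the original thread: a small shell triage for the appid warnings quoted above. It recovers the directory appid searched from the "no lua detectors" warning, lists the distinct ids missing from appMapping.data, and checks that directory's layout. The function names are hypothetical, and the layout (an odp/ and a custom/ subdirectory under the directory given to appid) is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). SAMPLE_LOG is a constructed excerpt
# in the same format as the warnings quoted in the message above.
SAMPLE_LOG="WARNING: appid: no lua detectors found in directory '/usr/local/lib/custom/lua/*'
WARNING: appid: no entry in appMapping.data for 3588
WARNING: appid: no entry in appMapping.data for 65
WARNING: appid: no entry in appMapping.data for 65"

# Directory appid searched, taken from the "no lua detectors" warning by
# stripping the trailing /<subdir>/lua/* component.
appid_base_from_log() {
    printf '%s\n' "$1" |
        sed -n "s|^WARNING: appid: no lua detectors found in directory '\(.*\)/[a-z]*/lua/\*'\$|\1|p" |
        sort -u
}

# Distinct application ids with no appMapping.data entry, sorted numerically.
missing_appids() {
    printf '%s\n' "$1" |
        sed -n 's|^WARNING: appid: no entry in appMapping.data for \([0-9][0-9]*\)$|\1|p' |
        sort -un
}

# Print what is absent under a detector base directory (empty output = complete).
# Assumed layout: <base>/odp/appMapping.data, <base>/odp/lua/*.lua, <base>/custom/lua/
check_layout() {
    base=$1
    problems=""
    [ -f "$base/odp/appMapping.data" ] || problems="$problems no-appMapping"
    ls "$base"/odp/lua/*.lua >/dev/null 2>&1 || problems="$problems no-odp-lua"
    [ -d "$base/custom/lua" ] || problems="$problems no-custom-lua-dir"
    printf '%s\n' "${problems# }"
}

# Summarise a saved copy of the snort --warn-all output.
triage() {
    log=$(cat "$1")
    for dir in $(appid_base_from_log "$log"); do
        echo "searched base: $dir -> $(check_layout "$dir")"
    done
    echo "distinct ids missing from appMapping.data: $(missing_appids "$log" | wc -l)"
}

# Run only when a log file is passed: sh triage.sh snort-warnings.txt
if [ "$#" -gt 0 ]; then triage "$1"; fi
```

Save the output of the snort command from the message to a file and pass that file as the only argument.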
