Snort mailing list archives

improper warning with snort 3.0.1 b2

From: Noah Dietrich <noah_dietrich () 86penny org>
Date: Sat, 25 Apr 2020 18:51:18 +0200

I'm not sure the following warning should be displayed when running snort 3
with OpenAppID enabled.  I suspect it will confuse less technical users and
users that aren't experienced with OpenAppID.  It might seem like a small
thing, but I tend to get emails from people following the Ubuntu Snort++
guide who get stuck because they think the below warning is a fatal error.

The warning is:* WARNING: appid: no lua detectors found in directory
'/usr/local/lib/custom/lua/*'*

Running snort as follows:

snort -c /usr/local/etc/snort/snort.lua --warn-all


only modification to the default snort.lua is to enabled OpenAppID:

appid =
 {
     app_detector_dir = '/usr/local/lib',

}


the output:

...
Finished /usr/local/etc/snort/snort.lua:
WARNING: appid: no lua detectors found in directory
'/usr/local/lib/custom/lua/*'
--------------------------------------------------
pcap DAQ configured to passive.

Snort successfully validated the configuration (with 1 warnings).
o")~   Snort exiting

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

improper warning with snort 3.0.1 b2 Noah Dietrich (Apr 25)
- Re: improper warning with snort 3.0.1 b2 Russ Combs (rucombs) via Snort-devel (Apr 26)