Snort mailing list archives

[Snort3] No Logs created


From: Donald Hoskins via Snort-devel <snort-devel () lists snort org>
Date: Fri, 18 Sep 2020 09:36:14 -0400

Hi All.

I've incorporated Snort++/Snort3 into OpenWrt (kernel 5.4), cross-compiled
for mips64 (Octeon3 CN7020AAP1.2 SoC).

It starts, *appears* to run, however never(!) drops a log file.

My standard invocation:

snort -v -c /etc/snort/snort.lua -i eth0:br-lan --daq-dir /usr/lib/daq
--daq afpacket --daq-var debug --daq-var fanout_type=hash --daq-var
fanout_flag=defrag -A alert_full --tweaks talos -Q -l /var/log -D

You can see the console output (rollover console connection):
https://pastebin.com/cbttVv9S

If I remove everything not required to get Snort3 running, it seems to run
(see below), but again, no logs are actually created:

root@OpenWrt:/etc# snort -v -c /etc/snort/snort.lua -i eth0:br-lan
--daq-dir /usr/lib/daq -A alert_full -l /var/log

** caught int signal
== stopping
[ 2788.642249] device eth0 left promiscuous mode
-- [0] eth0:br-lan
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
                 received: 27239
                 analyzed: 26943
                  dropped: 279
              outstanding: 296
                    allow: 26943
                     idle: 1
                 rx_bytes: 5512129
--------------------------------------------------
codec
                    total: 26943        (100.000%)
                    other: 26943        (100.000%)
                      eth: 26943        (100.000%)
--------------------------------------------------
Module Statistics
--------------------------------------------------
detection
                 analyzed: 26943
--------------------------------------------------
latency
            total_packets: 26943
              total_usecs: 59918
                max_usecs: 578
--------------------------------------------------
Summary Statistics
--------------------------------------------------
process
                  signals: 1
--------------------------------------------------
timing
                  runtime: 00:11:24
                  seconds: 684.664040
                  packets: 27239
                 pkts/sec: 39


Any assistance would be greatly appreciated!  I checked the IRC channel,
but it was suggested a wider knowledge base for Snort3 might be here.