Snort mailing list archives
Re: [Snort3] No Logs created
From: "Russ Combs (rucombs) via Snort-devel" <snort-devel () lists snort org>
Date: Fri, 18 Sep 2020 15:06:36 +0000
Hi,

Your stats don't show any IP traffic, which is why they also don't show any search engine activity. All of your ether traffic is counted as "other".

If you send a pcap we can take a look. You can send direct to me if needed.

Thanks
Russ

________________________________
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Donald Hoskins via Snort-devel <snort-devel () lists snort org>
Sent: Friday, September 18, 2020 9:36 AM
To: snort-devel () lists snort org <snort-devel () lists snort org>
Subject: [Snort-devel] [Snort3] No Logs created

Hi All.

I've incorporated Snort++/Snort3 into OpenWrt (kernel 5.4), cross-compiled for mips64 (Octeon3 CN7020AAP1.2 SoC). It starts, *appears* to run, however never(!) drops a log file.

My standard invocation:

    snort -v -c /etc/snort/snort.lua -i eth0:br-lan --daq-dir /usr/lib/daq --daq afpacket --daq-var debug --daq-var fanout_type=hash --daq-var fanout_flag=defrag -A alert_full --tweaks talos -Q -l /var/log -D

You can see the console output (rollover console connection): https://pastebin.com/cbttVv9S

If I remove everything not required to get Snort3 running, it seems to run (see below), but again, no logs are actually created:

    root@OpenWrt:/etc# snort -v -c /etc/snort/snort.lua -i eth0:br-lan --daq-dir /usr/lib/daq -A alert_full -l /var/log
    ** caught int signal
    == stopping
    [ 2788.642249] device eth0 left promiscuous mode
    -- [0] eth0:br-lan
    --------------------------------------------------
    Packet Statistics
    --------------------------------------------------
    daq
      received: 27239
      analyzed: 26943
      dropped: 279
      outstanding: 296
      allow: 26943
      idle: 1
      rx_bytes: 5512129
    --------------------------------------------------
    codec
      total: 26943 (100.000%)
      other: 26943 (100.000%)
      eth: 26943 (100.000%)
    --------------------------------------------------
    Module Statistics
    --------------------------------------------------
    detection
      analyzed: 26943
    --------------------------------------------------
    latency
      total_packets: 26943
      total_usecs: 59918
      max_usecs: 578
    --------------------------------------------------
    Summary Statistics
    --------------------------------------------------
    process
      signals: 1
    --------------------------------------------------
    timing
      runtime: 00:11:24
      seconds: 684.664040
      packets: 27239
      pkts/sec: 39

Any assistance would be greatly appreciated! I checked the IRC channel, but it was suggested a wider knowledge base for Snort3 might be here.
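The check described in the reply above, as an added example (not part of the original thread and not Snort project code): a Python script that parses Snort 3 shutdown statistics and reports the signs that no IP traffic was decoded. The counter names ipv4 and ipv6 and the section name search_engine are assumptions about Snort 3's stats output; the sample is copied from the post and trimmed.

```python
import re

# Shutdown statistics copied from the post above (trimmed to the sections used).
POSTED_STATS = """\
daq
  received: 27239
  analyzed: 26943
  dropped: 279
codec
  total: 26943 (100.000%)
  other: 26943 (100.000%)
  eth: 26943 (100.000%)
detection
  analyzed: 26943
"""

# "name: 123" counters; values such as 00:11:24 or 684.66 are skipped on purpose.
COUNTER = re.compile(r"^\s*([a-z_][\w ]*?):\s+(\d+)(?:\s|$)")
# A bare lowercase word on its own line starts a module section.
MODULE = re.compile(r"^\s*([a-z_][a-z0-9_]*)\s*$")

def parse_stats(text):
    """Return {module: {counter: int}} from Snort 3 shutdown statistics."""
    stats, module = {}, None
    for line in text.splitlines():
        if m := MODULE.match(line):
            module = m.group(1)
            stats.setdefault(module, {})
        elif (m := COUNTER.match(line)) and module:
            stats[module][m.group(1)] = int(m.group(2))
    return stats

def diagnose(stats):
    """List the signs that detection never saw inspectable IP traffic."""
    findings = []
    codec = stats.get("codec", {})
    total = codec.get("total", 0)
    # Assumption: decoded IP packets are counted as codec.ipv4 / codec.ipv6.
    ip = codec.get("ipv4", 0) + codec.get("ipv6", 0)
    if total and ip == 0:
        findings.append(f"no IP decoded: 0 of {total} frames reached an IP codec")
    if total and codec.get("other", 0) == total:
        findings.append("every frame was counted as codec 'other'")
    # Assumption: rule pattern matching is reported under a search_engine section.
    if "search_engine" not in stats:
        findings.append("no search_engine section: no rule patterns were searched")
    return findings

if __name__ == "__main__":
    for finding in diagnose(parse_stats(POSTED_STATS)):
        print(finding)
```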