Snort mailing list archives
Re: [Snort-users] snort 2.3.21 new error after install the rules for the next last snort (2.3.30)
From: "Russ Combs \(rucombs\) via Snort-devel" <snort-devel () lists snort org>
Date: Tue, 7 Jun 2022 13:15:08 +0000
You got the error because the dump DAQ module does not support these DAQ variables you are setting on the command line. They look like afpacket variables. Check the DAQ READMEs to select and configure an appropriate module for your needs. ________________________________ From: Snort-users <snort-users-bounces () lists snort org> on behalf of Akshay Prabhakar via Snort-users <snort-users () lists snort org> Sent: Monday, June 6, 2022 6:20 PM To: Dorian ROSSE <dorianbrice () hotmail fr> Cc: Snort-users () lists snort org <snort-users () lists snort org>; snort-devel () lists snort org <snort-devel () lists snort org> Subject: Re: [Snort-users] snort 2.3.21 new error after install the rules for the next last snort (2.3.30) i fall on this error since i have install the rules for the next last snort 2.3.30 : '''~/snort_src/snort3-3.1.21.0$ sudo snort -c /usr/local/etc/snort/snort.lua --daq-dir ../libdaq-3.0.7 --daq pcap --daq dump --daq-var lb_total=4 --daq-var fanout_type=hash -s 65535 -k all -l /var/log/snort -i enp0s25 --daq-var lb_id=1 -i wlp3s0 --daq-var lb_id=2 -z 2 -m 0x1b -------------------------------------------------- o")~ Snort++ 3.1.21.0 -------------------------------------------------- Loading /usr/local/etc/snort/snort.lua: Loading snort_defaults.lua: Finished snort_defaults.lua: Loading file_magic.lua: Finished file_magic.lua: Loading inline.lua: Finished inline.lua: Loading talos.lua: Finished talos.lua: trace output alert_json ips dnp3 binder wizard detection reputation Processing blocklist file /usr/local/etc/snort/../lists/default.blocklist Reputation entries loaded: 801, invalid: 0, re-defined: 0 (from file /usr/local/etc/snort/../lists/default.blocklist) appid file_policy file_id http2_inspect dce_tcp active dns references classifications arp_spoof snort ERROR: /usr/local/etc/snort/snort.lua: snort.--daq-var is invalid stream_user stream_tcp stream_icmp stream_ip profiler alert_talos stream stream_udp stream_file back_orifice imap iec104 modbus netflow normalizer pop rpc_decode sip ssh ssl telnet dce_smb dce_udp dce_http_proxy dce_http_server gtp_inspect port_scan smtp ftp_server ftp_client ftp_data http_inspect alerts daq decode host_cache host_tracker hosts network packets process search_engine so_proxy Finished /usr/local/etc/snort/snort.lua: -------------------------------------------------- rule counts total rules loaded: 600 builtin rules: 600 option chains: 600 chain headers: 1 -------------------------------------------------- port rule counts tcp udp icmp ip any 600 0 0 0 total 600 0 0 0 -------------------------------------------------- ips policies rule stats id loaded shared enabled file 0 600 0 600 /usr/local/etc/snort/snort.lua -------------------------------------------------- dump:pcap DAQ configured to inline. FATAL: see prior 1 errors (0 warnings) Fatal Error, Quitting.. On Wed, May 25, 2022 at 12:23 AM Dorian ROSSE via Snort-users <snort-users () lists snort org<mailto:snort-users () lists snort org>> wrote: hello, i fall on this error since i have install the rules for the next last snort 2.3.30 : '''~/snort_src/snort3-3.1.21.0$ sudo snort -c /usr/local/etc/snort/snort.lua --daq-dir ../libdaq-3.0.7 --daq pcap --daq dump --daq-var lb_total=4 --daq-var fanout_type=hash -s 65535 -k all -l /var/log/snort -i enp0s25 --daq-var lb_id=1 -i wlp3s0 --daq-var lb_id=2 -z 2 -m 0x1b -------------------------------------------------- o")~ Snort++ 3.1.21.0 -------------------------------------------------- Loading /usr/local/etc/snort/snort.lua: Loading snort_defaults.lua: Finished snort_defaults.lua: Loading file_magic.lua: Finished file_magic.lua: Loading inline.lua: Finished inline.lua: Loading talos.lua: Finished talos.lua: trace output alert_json ips dnp3 binder wizard detection reputation Processing blocklist file /usr/local/etc/snort/../lists/default.blocklist Reputation entries loaded: 801, invalid: 0, re-defined: 0 (from file /usr/local/etc/snort/../lists/default.blocklist) appid file_policy file_id http2_inspect dce_tcp active dns references classifications arp_spoof snort ERROR: /usr/local/etc/snort/snort.lua: snort.--daq-var is invalid stream_user stream_tcp stream_icmp stream_ip profiler alert_talos stream stream_udp stream_file back_orifice imap iec104 modbus netflow normalizer pop rpc_decode sip ssh ssl telnet dce_smb dce_udp dce_http_proxy dce_http_server gtp_inspect port_scan smtp ftp_server ftp_client ftp_data http_inspect alerts daq decode host_cache host_tracker hosts network packets process search_engine so_proxy Finished /usr/local/etc/snort/snort.lua: -------------------------------------------------- rule counts total rules loaded: 600 builtin rules: 600 option chains: 600 chain headers: 1 -------------------------------------------------- port rule counts tcp udp icmp ip any 600 0 0 0 total 600 0 0 0 -------------------------------------------------- ips policies rule stats id loaded shared enabled file 0 600 0 600 /usr/local/etc/snort/snort.lua -------------------------------------------------- dump:pcap DAQ configured to inline. FATAL: see prior 1 errors (0 warnings) Fatal Error, Quitting.. ''' i don't understand the error, thanks you in advance to help myself fully repair this snort or since the other e-mail for snort 2.3.30, Regards. Dorian ROSSE. _______________________________________________ Snort-users mailing list Snort-users () lists snort org<mailto:Snort-users () lists snort org> Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org<mailto:snort-users-leave () lists snort org> Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette -- WITH REGARDS AKSHAY.K.PRABHAKAR akshayk.prabhakar () gmail com<mailto:akshayk.prabhakar () gmail com>
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: [Snort-users] snort 2.3.21 new error after install the rules for the next last snort (2.3.30) Russ Combs (rucombs) via Snort-devel (Jun 07)
- Message not available
- Re: [Snort-users] snort 2.3.21 new error after install the rules for the next last snort (2.3.30) Russ Combs (rucombs) via Snort-devel (Jun 07)
- Re: [Snort-users] snort 2.3.21 new error after install the rules for the next last snort (2.3.30) Dorian ROSSE via Snort-devel (Jun 13)
- Re: [Snort-users] snort 2.3.21 new error after install the rules for the next last snort (2.3.30) Russ Combs (rucombs) via Snort-devel (Jun 07)
- Message not available