Snort OpenAppID



  • Hi

    I have configured Snort with OpenAPPID by following Netgate documentation. Everything seems to be working correctly so far with one problem. Not all applications are detected. I have enabled all rules except 6 rules below. I can see firefox, chrome, godaddy, facebook and avast detected. However I cannot see Youtube or SSH detected when I open Youtube or ssh from a host in the network. However running lynx is detected. These are rules that not enabled:

    openappid-database.rules
    openappid-mail.rules
    openappid-network_manager.rules
    openappid-network_protocol.rules
    openappid-search_enginer_portal.rules
    openappid-software_update.rules

    So I think ssh and Youtube should be detected.

    Please help.