appid on facebook not working



  • Hello,
    I tried to use appid on lan interface and enable the facebook rule but the facebook still working ..
    so what the problem ?
    thanks.



  • Did you enable the AppID preprocessor on the PREPROCESSORS tab for your LAN interface?

    Did you enable the download of both the AppID rule stubs and the AppID text rules on the GLOBAL SETTINGS tab?

    Did you restart Snort on the LAN interface after you did the above steps?



  • Hello,
    yes I am already do it .
    thanks.



  • @aminbaik said in appid on facebook not working:

    Hello,
    yes I am already do it .
    thanks.

    One last item I forgot to mention in my previous post is to be sure the AppID rules are actually enabled on the CATEGORIES tab as well. You will see a column for them. Put checkmarks next to all of the OpenAppID categories you want to use. Click SAVE and then APPLY when finished on that tab.

    So five things in total to check:

    1. OpenAppID rule stubs and text rules are enabled for download on the GLOBAL SETTINGS tab.

    2. On the UPDATES tab verify the AppID rules show a MD5 checksum and a date. If not, update the rules by clicking the Update button.

    3. Go to the PREPROCESSORS tab and expand the OpenAppID section and enable the preprocessor.

    4. Go to the CATEGORIES tab and enable the OpenAppID rule categories you wish to utilize. Click Save and then Apply on that tab.

    5. Restart Snort on the interface using the icons on the INTERFACES tab.

    That should result in a significant number of alerts from AppID.



  • @bmeeks said in appid on facebook not working:

    bled o

    it's already enabled.
    thanks.



  • @aminbaik said in appid on facebook not working:

    @bmeeks said in appid on facebook not working:

    bled o

    it's already enabled.
    thanks.

    If you have done all five things I listed in my post above, then you should get alerts from AppID when visiting Facebook. Now that assumes the device you are using to test actually has its network traffic traversing the firewall interface where Snort and OpenAppID are configured.

    Lots of users have OpenAppID working on Snort.