Netgate Discussion Forum
Snort problem starting with application enable

IDS/IPS
7 Posts 3 Posters 744 Views
  • S
    Simbad
    last edited by May 5, 2019, 7:26 PM

    Snort problem starting

    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26300) appid metadata "deals_direct" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26297) appid metadata "apple_update" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26296) appid metadata "facebook_apps" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26294) appid metadata "citrix_ima" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26292) appid metadata "bt" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26280) appid metadata "citrix_online" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26278) appid metadata "yahoo_toolbar" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26277) appid metadata "ad_advisor" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3571) threshold (in rule) is deprecated; use detection_filter instead.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3019) appid metadata "entrust_adminis" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3018) appid metadata "direct_tv_ticke" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3017) appid metadata "direct_tv_softw" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3015) appid metadata "dataramp_svr" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3011) appid metadata "customer_ixchan" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3010) appid metadata "creative_partne" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3006) appid metadata "ca_intl_license" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3003) appid metadata "western_digital" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3002) appid metadata "wd_softwares_do" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3000) appid metadata "livejournal_pos" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2998) appid metadata "common_trace_fa" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2987) appid metadata "apertus_tech_lo" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2985) appid metadata "aeolon_core_pro" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2984) appid metadata "adobe_postscrip" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2981) appid metadata "google_helpouts" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2980) appid metadata "dena_websites" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2979) appid metadata "dena_comm" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2973) appid metadata "mercado_livre" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2965) appid metadata "adobe_analytics" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2964) appid metadata "yahoo_mobage" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2963) appid metadata "zhihu" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2959) appid metadata "european_union" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2957) appid metadata "harvard_univ" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2956) appid metadata "standford_univ" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2953) appid metadata "gnu_project" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2949) appid metadata "library_of_cong" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2944) appid metadata "nest_thermostat" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2940) appid metadata "integromedb" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2937) appid metadata "arizona_public" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2936) appid metadata "sky" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2935) appid metadata "new_relic" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2930) appid metadata "hotels" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2929) appid metadata "google_url_shrt" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2928) appid metadata "dilbert" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2927) appid metadata "baltimore_sun" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2923) appid metadata "china_news" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2922) appid metadata "la_times" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2916) appid metadata "telemetry" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2915) appid metadata "tritone_hosting" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2913) appid metadata "crowd_science" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2911) appid metadata "dc_storm" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2910) appid metadata "telecom_express" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2905) appid metadata "dynamic_logic" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2901) appid metadata "enovance" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2897) appid metadata "sitara_server" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2896) appid metadata "sitara_manageme" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2895) appid metadata "sitara_dir" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2884) appid metadata "stock_ixchange" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2879) appid metadata "technical_analy" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2874) appid metadata "survey_measurem" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2867) appid metadata "transport_indep" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2851) appid metadata "world_fusion" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2844) appid metadata "trunk-2_protoco" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2843) appid metadata "trunk-1_protoco" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2842) appid metadata "packet_radio_me" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2840) appid metadata "dcn_measurement" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2838) appid metadata "cross_net_debug" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2837) appid metadata "emission_contro" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2834) appid metadata "bbn_rcc" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2827) appid metadata "idpr_control_me" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2815) appid metadata "satnet_and_back" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2812) appid metadata "cp_network_exec" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2811) appid metadata "cp_heart_beat" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2810) appid metadata "wang_span" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2804) appid metadata "encapsulation_h" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2780) appid metadata "airsoft_powerbu" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2778) appid metadata "service_status_" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2776) appid metadata "achetez_facile" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2772) appid metadata "line_media" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2760) appid metadata "fb_notes" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2758) appid metadata "iec-104" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2755) appid metadata "100ye.com" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2754) appid metadata "level_3" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2752) appid metadata "speedtest_uploa" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2751) appid metadata "bootstrap_cdn" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2750) appid metadata "iso_ip" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2749) appid metadata "ad_master" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2748) appid metadata "ad_tech" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2747) appid metadata "parc_universal_" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2745) appid metadata "people's_daily" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2744) appid metadata "china_daily" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2743) appid metadata "guangming_onlin" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2734) appid metadata "maxpoint_intera" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2733) appid metadata "six_apart" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2731) appid metadata "adometry" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2729) appid metadata "engage_bdr" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2728) appid metadata "resonate_networ" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2727) appid metadata "core_audience" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2725) appid metadata "x_plus_one" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2724) appid metadata "aggregate_knowl" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2723) appid metadata "ybrant_digital" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2717) appid metadata "integral_ad_sci" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2716) appid metadata "ohana" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2713) appid metadata "cognitive_match" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2708) appid metadata "effective_measu" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2697) appid metadata "the_trade_desk" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2695) appid metadata "sli_systems" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2694) appid metadata "247_inc." unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2689) appid metadata "east_money" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2679) appid metadata "improve_digital" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2677) appid metadata "the_independent" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2674) appid metadata "southern_living" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2672) appid metadata "the_atlantic" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2670) appid metadata "spc_media" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2669) appid metadata "scorecard_resea" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2656) appid metadata "cbs_interactive" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2644) appid metadata "rainmeter" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2643) appid metadata "connexion_clnt" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2642) appid metadata "drugs" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2641) appid metadata "fifth_third_ban" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2640) appid metadata "johns_switcher" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2639) appid metadata "hollywood_reprt" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2635) appid metadata "oracle_sites" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2634) appid metadata "postini" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2633) appid metadata "seattle_times" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2631) appid metadata "feedly_fetcher" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2630) appid metadata "easou_spider" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2629) appid metadata "wordreference" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2626) appid metadata "the_onion" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2625) appid metadata "free_dict" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2624) appid metadata "daily_beast" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2623) appid metadata "de_telegraaf" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2622) appid metadata "detroit_press" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2620) appid metadata "times_union" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2617) appid metadata "american_airlin" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2615) appid metadata "united_airlines" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2614) appid metadata "pnc_bank" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2613) appid metadata "zombo" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2608) appid metadata "new_dist_nw" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2606) appid metadata "liberty_mutual" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2603) appid metadata "state_farm" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2591) appid metadata "jpmorgan" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2589) appid metadata "media_hub" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2587) appid metadata "show_my_weather" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2586) appid metadata "wimp" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2584) appid metadata "blackberry_site" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2582) appid metadata "audible" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2576) appid metadata "bitcoin_forum" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2572) appid metadata "glam" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2571) appid metadata "golf" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2570) appid metadata "clear_channel" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2566) appid metadata "assoc_press" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2564) appid metadata "washtimes" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2563) appid metadata "win_help_client" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2562) appid metadata "google_code" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2560) appid metadata "the_week" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2558) appid metadata "philips_hue" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2556) appid metadata "biography" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2555) appid metadata "i_waste_so_much" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2554) appid metadata "slate_magazine" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2551) appid metadata "space" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2548) appid metadata "google_fiber" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2546) appid metadata "tightrope" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2545) appid metadata "hr_block" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2544) appid metadata "wherecoolthings" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2542) appid metadata "pop_salad" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2541) appid metadata "cute_overload" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2540) appid metadata "people_walmart" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2536) appid metadata "washpost" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2532) appid metadata "flexera_soft" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2531) appid metadata "google_remote_d" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2529) appid metadata "loyalty_innovat" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2528) appid metadata "urban_airship" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2523) appid metadata "58_city" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2520) appid metadata "xinhuanet" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2519) appid metadata "jingdong" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2517) appid metadata "spiegel_online" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2514) appid metadata "the_telegraph" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2513) appid metadata "the_guardian" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2509) appid metadata "apple_developer" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2508) appid metadata "biodigital_huma" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2504) appid metadata "1n1_internet" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2499) appid metadata "livestrong" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2489) appid metadata "examiner" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2488) appid metadata "ny_daily_news" unknown.
    
    1 Reply Last reply Reply Quote 0
    • B
      bmeeks
      last edited by May 6, 2019, 2:22 AM

      These errors are saying that the appID name (metadata) specified in the text rule is not being found in the Cisco/Talos provided OpenAppID detectors. I looked a few of these up manually and they appear to be truncated. For example, appid metadata "direct_tv_ticke" is actually listed in the appMappings.data file for OpenAppID as appid metadata "direct_tv_tickers" and appid metadata "direct_tv_softw" is actually listed as appid metadata "direct_tv_software_updates". So from my quick examination it appears the free text rules may have some issues with the AppID names metadata being used in the latest version 319 of the OpenAppID detectors supplied by Cisco/Talos.

      As I mentioned in a different topic thread a few days ago, OpenAppID needs two separate things to work. It needs the Cisco/Talos detectors and then it needs OpenAppID text rules written to take advantage of the provided detectors. The free rules provided in the Snort package were created by a third-party gentleman in Brazil and provided as-is for use by pfSense Snort package users. I noticed that he has not updated that rules package since December of 2017.

      You can go in and manually edit the individual OpenAppID text rules on your firewall. You can find them here: /usr/local/etc/snort/rules. The OpenAppID text rules files all will begin with the prefix "openappid".

      N 1 Reply Last reply Sep 24, 2020, 10:39 PM Reply Quote 0
      • N
        ng_anon @bmeeks
        last edited by Sep 24, 2020, 10:39 PM

        @bmeeks @Simbad

        Is there an easier remedy, other than manual editing on a rule-by-rule basis?

        Perhaps substituting one of the pfSense-managed downloads with something better from snort.org, or another source?

        Is it only the last item in this list that is the broken one? (This list per pfSense Snort Global Settings / Updates)

        Rule Set Name/Publisher

        • Snort Subscriber Ruleset
        • Snort GPLv2 Community Rules
        • Emerging Threats Open Rules
        • Snort OpenAppID Detectors
        • Snort AppID Open Text Rules

        TIA

        1 Reply Last reply Reply Quote 0
        • N
          ng_anon
          last edited by Sep 24, 2020, 10:42 PM

          @bmeeks @Simbad

          Is there an easier remedy, other than manual editing on a rule-by-rule basis?

          Perhaps substituting one of the pfSense-initiated downloads with something else from a different source?

          Is it only the last item in this list that is the broken one? (This list per pfSense Snort Global Settings / Updates)

          Rule Set Name/Publisher

          • Snort Subscriber Ruleset
          • Snort GPLv2 Community Rules
          • Emerging Threats Open Rules
          • Snort OpenAppID Detectors
          • Snort AppID Open Text Rules

          TIA

          B 1 Reply Last reply Sep 25, 2020, 12:13 AM Reply Quote 0
          • B
            bmeeks @ng_anon
            last edited by bmeeks Sep 25, 2020, 12:16 AM Sep 25, 2020, 12:13 AM

            @ng_anon said in Snort problem starting with application enable:

            @bmeeks @Simbad

            Is there an easier remedy, other than manual editing on a rule-by-rule basis?

            Perhaps substituting one of the pfSense-initiated downloads with something else from a different source?

            Is it only the last item in this list that is the broken one? (This list per pfSense Snort Global Settings / Updates)

            Rule Set Name/Publisher

            • Snort Subscriber Ruleset
            • Snort GPLv2 Community Rules
            • Emerging Threats Open Rules
            • Snort OpenAppID Detectors
            • Snort AppID Open Text Rules

            TIA

            I know of no other source for OpenAppID rules. The Snort team only produces the rule stubs which do the actual detection within the binary code. The text rules are necessary in order for the alerting engine of Snort to work and thus for pfSense to also block on the alerts.

            I'm not saying there is no other source of the text rules, but I am not aware of any other free source. There is a lot of skill and labor involved in creating such rules, so I doubt many companies (if any) would be interested in making that labor investment and then giving the result away for free. The text rules hosted by the Netgate team were developed by folks at a University in Brazil (so think non-profit research most likely).

            You can try using the modifysid functionality on the SID MGMT tab. That configuration file can be used with Perl regular expressions to match on and then modify the content of rules. If you are really good with PCRE, you might have some luck there making global changes to OpenAppID text rules. To see the SID MGMT options, go to that tab and click the Enable checkbox.

            1 Reply Last reply Reply Quote 0
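Added example, not part of the thread and not code from the Snort package or pfSense: a Python script that automates the lookup bmeeks did by hand, pairing each unknown appid name from the startup warnings with the full name it is a prefix of, and rewriting the `appid:` option of a text rule where the match is unique. Assumptions: the caller supplies the set of valid names from appMappings.data (the thread does not show that file's layout), each text rule carries a single name in its `appid` option, and the sample rule and the `example_*` names are constructed.

```python
import re

# Startup warning format quoted in the first post of this thread.
WARNING_RE = re.compile(
    r'WARNING: (?P<path>\S+)\((?P<line>\d+)\) '
    r'appid metadata "(?P<name>[^"]+)" unknown\.'
)
# A single-name appid option inside a text rule, e.g. "appid:some_name;".
APPID_OPT_RE = re.compile(r'(appid:\s*)([^;\s]+)(\s*;)')

# Assumption: the truncated names quoted in the thread are all exactly
# 15 characters long, so shorter unknown names are reported as missing.
TRUNCATED_LEN = 15

# Constructed sample in the thread's log format; the last name is made up.
SAMPLE_LOG = """\
May 5 21:23:19 snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26292) appid metadata "bt" unknown.
May 5 21:23:18 snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3571) threshold (in rule) is deprecated; use detection_filter instead.
May 5 21:23:18 snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3018) appid metadata "direct_tv_ticke" unknown.
May 5 21:23:18 snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3017) appid metadata "direct_tv_softw" unknown.
May 5 21:23:18 snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(9999) appid metadata "example_applica" unknown.
"""

# Constructed stand-in for the names in appMappings.data: the first two are
# the full names quoted in the thread, the example_* names are hypothetical.
SAMPLE_KNOWN = {
    "direct_tv_tickers",
    "direct_tv_software_updates",
    "example_application_one",
    "example_application_two",
}

# Constructed text rule using a custom SID above 1,000,000.
SAMPLE_RULE = ('alert tcp any any -> any any (msg:"direct_tv_ticke"; '
               'appid:direct_tv_ticke; sid:1000001; rev:1;)')


def parse_warnings(log_text):
    """Map each unknown appid name to the snort.rules line numbers that use it."""
    hits = {}
    for m in WARNING_RE.finditer(log_text):
        hits.setdefault(m["name"], []).append(int(m["line"]))
    return hits


def classify(name, known):
    """Return (status, candidates) for one unknown name."""
    if name in known:
        return "known", [name]
    if len(name) < TRUNCATED_LEN:
        return "missing", []          # too short to be a truncation
    candidates = sorted(k for k in known if k.startswith(name))
    if len(candidates) == 1:
        return "truncated", candidates
    if candidates:
        return "ambiguous", candidates  # needs a human decision
    return "missing", []


def build_fixes(log_text, known):
    """Split unknown names into safe renames and entries needing review."""
    fixes, review = {}, {}
    for name, lines in parse_warnings(log_text).items():
        status, candidates = classify(name, known)
        if status == "truncated":
            fixes[name] = candidates[0]
        else:
            review[name] = (status, candidates, lines)
    return fixes, review


def fix_rule(rule, fixes):
    """Rewrite only the appid option; msg and other options are untouched."""
    return APPID_OPT_RE.sub(
        lambda m: m[1] + fixes.get(m[2], m[2]) + m[3], rule)


if __name__ == "__main__":
    fixes, review = build_fixes(SAMPLE_LOG, SAMPLE_KNOWN)
    for old, new in sorted(fixes.items()):
        print(f"rename  {old} -> {new}")
    for name, (status, candidates, lines) in sorted(review.items()):
        print(f"review  {name}: {status} {candidates} at lines {lines}")
    print(fix_rule(SAMPLE_RULE, fixes))
```

Names reported as `missing` or `ambiguous` are left unchanged in the rule, so a rewrite never silently points a rule at the wrong application.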
            • N
              ng_anon
              last edited by Oct 30, 2020, 4:08 PM

              Thank you @bmeeks.
              I'm able to create my own alert text rules for AppID events (using Snort Interface 'custom.rules' category).
              Where do AppID SIDS (sig_ids) come from? In the 2017 appid.rules file, the SIDS are in the 70,000 range.
              I've read that I can create my own SIDS > 1,000,000.
              In general, is there a Snort master list of GIDS/SIDS somewhere?

              B 1 Reply Last reply Oct 30, 2020, 4:25 PM Reply Quote 0
              • B
                bmeeks @ng_anon
                last edited by Oct 30, 2020, 4:25 PM

                @ng_anon said in Snort problem starting with application enable:

                Where do AppID SIDS (sig_ids) come from? In the 2017 appid.rules file, the SIDS are in the 70,000 range.
                I've read that I can create my own SIDS > 1,000,000.
                In general, is there a Snort master list of GIDS/SIDS somewhere?

                Each rule author is free to choose their own SIDs with the caveat that there can be no duplicates. So usually individuals writing their own custom rules start at 1,000,000 (one million) and go up from there.

                I am not aware of any "master list". There are some links you can find on Google that suggest some best practices. Certain of the low SID ranges have been reserved for the Snort team themselves. There is a little bit of info here: https://www.sbarjatiya.com/notes_wiki/index.php/Snort_general_rule_options.

                1 Reply Last reply Reply Quote 1
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.