Snort problem starting with application enable



  • Snort problem starting

    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26300) appid metadata "deals_direct" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26297) appid metadata "apple_update" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26296) appid metadata "facebook_apps" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26294) appid metadata "citrix_ima" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26292) appid metadata "bt" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26280) appid metadata "citrix_online" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26278) appid metadata "yahoo_toolbar" unknown.
    May 5 21:23:19	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26277) appid metadata "ad_advisor" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3571) threshold (in rule) is deprecated; use detection_filter instead.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3019) appid metadata "entrust_adminis" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3018) appid metadata "direct_tv_ticke" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3017) appid metadata "direct_tv_softw" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3015) appid metadata "dataramp_svr" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3011) appid metadata "customer_ixchan" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3010) appid metadata "creative_partne" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3006) appid metadata "ca_intl_license" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3003) appid metadata "western_digital" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3002) appid metadata "wd_softwares_do" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3000) appid metadata "livejournal_pos" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2998) appid metadata "common_trace_fa" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2987) appid metadata "apertus_tech_lo" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2985) appid metadata "aeolon_core_pro" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2984) appid metadata "adobe_postscrip" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2981) appid metadata "google_helpouts" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2980) appid metadata "dena_websites" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2979) appid metadata "dena_comm" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2973) appid metadata "mercado_livre" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2965) appid metadata "adobe_analytics" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2964) appid metadata "yahoo_mobage" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2963) appid metadata "zhihu" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2959) appid metadata "european_union" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2957) appid metadata "harvard_univ" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2956) appid metadata "standford_univ" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2953) appid metadata "gnu_project" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2949) appid metadata "library_of_cong" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2944) appid metadata "nest_thermostat" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2940) appid metadata "integromedb" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2937) appid metadata "arizona_public" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2936) appid metadata "sky" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2935) appid metadata "new_relic" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2930) appid metadata "hotels" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2929) appid metadata "google_url_shrt" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2928) appid metadata "dilbert" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2927) appid metadata "baltimore_sun" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2923) appid metadata "china_news" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2922) appid metadata "la_times" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2916) appid metadata "telemetry" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2915) appid metadata "tritone_hosting" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2913) appid metadata "crowd_science" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2911) appid metadata "dc_storm" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2910) appid metadata "telecom_express" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2905) appid metadata "dynamic_logic" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2901) appid metadata "enovance" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2897) appid metadata "sitara_server" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2896) appid metadata "sitara_manageme" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2895) appid metadata "sitara_dir" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2884) appid metadata "stock_ixchange" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2879) appid metadata "technical_analy" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2874) appid metadata "survey_measurem" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2867) appid metadata "transport_indep" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2851) appid metadata "world_fusion" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2844) appid metadata "trunk-2_protoco" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2843) appid metadata "trunk-1_protoco" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2842) appid metadata "packet_radio_me" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2840) appid metadata "dcn_measurement" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2838) appid metadata "cross_net_debug" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2837) appid metadata "emission_contro" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2834) appid metadata "bbn_rcc" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2827) appid metadata "idpr_control_me" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2815) appid metadata "satnet_and_back" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2812) appid metadata "cp_network_exec" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2811) appid metadata "cp_heart_beat" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2810) appid metadata "wang_span" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2804) appid metadata "encapsulation_h" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2780) appid metadata "airsoft_powerbu" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2778) appid metadata "service_status_" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2776) appid metadata "achetez_facile" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2772) appid metadata "line_media" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2760) appid metadata "fb_notes" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2758) appid metadata "iec-104" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2755) appid metadata "100ye.com" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2754) appid metadata "level_3" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2752) appid metadata "speedtest_uploa" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2751) appid metadata "bootstrap_cdn" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2750) appid metadata "iso_ip" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2749) appid metadata "ad_master" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2748) appid metadata "ad_tech" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2747) appid metadata "parc_universal_" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2745) appid metadata "people's_daily" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2744) appid metadata "china_daily" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2743) appid metadata "guangming_onlin" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2734) appid metadata "maxpoint_intera" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2733) appid metadata "six_apart" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2731) appid metadata "adometry" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2729) appid metadata "engage_bdr" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2728) appid metadata "resonate_networ" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2727) appid metadata "core_audience" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2725) appid metadata "x_plus_one" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2724) appid metadata "aggregate_knowl" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2723) appid metadata "ybrant_digital" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2717) appid metadata "integral_ad_sci" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2716) appid metadata "ohana" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2713) appid metadata "cognitive_match" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2708) appid metadata "effective_measu" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2697) appid metadata "the_trade_desk" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2695) appid metadata "sli_systems" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2694) appid metadata "247_inc." unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2689) appid metadata "east_money" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2679) appid metadata "improve_digital" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2677) appid metadata "the_independent" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2674) appid metadata "southern_living" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2672) appid metadata "the_atlantic" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2670) appid metadata "spc_media" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2669) appid metadata "scorecard_resea" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2656) appid metadata "cbs_interactive" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2644) appid metadata "rainmeter" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2643) appid metadata "connexion_clnt" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2642) appid metadata "drugs" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2641) appid metadata "fifth_third_ban" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2640) appid metadata "johns_switcher" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2639) appid metadata "hollywood_reprt" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2635) appid metadata "oracle_sites" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2634) appid metadata "postini" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2633) appid metadata "seattle_times" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2631) appid metadata "feedly_fetcher" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2630) appid metadata "easou_spider" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2629) appid metadata "wordreference" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2626) appid metadata "the_onion" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2625) appid metadata "free_dict" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2624) appid metadata "daily_beast" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2623) appid metadata "de_telegraaf" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2622) appid metadata "detroit_press" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2620) appid metadata "times_union" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2617) appid metadata "american_airlin" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2615) appid metadata "united_airlines" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2614) appid metadata "pnc_bank" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2613) appid metadata "zombo" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2608) appid metadata "new_dist_nw" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2606) appid metadata "liberty_mutual" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2603) appid metadata "state_farm" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2591) appid metadata "jpmorgan" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2589) appid metadata "media_hub" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2587) appid metadata "show_my_weather" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2586) appid metadata "wimp" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2584) appid metadata "blackberry_site" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2582) appid metadata "audible" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2576) appid metadata "bitcoin_forum" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2572) appid metadata "glam" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2571) appid metadata "golf" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2570) appid metadata "clear_channel" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2566) appid metadata "assoc_press" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2564) appid metadata "washtimes" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2563) appid metadata "win_help_client" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2562) appid metadata "google_code" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2560) appid metadata "the_week" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2558) appid metadata "philips_hue" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2556) appid metadata "biography" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2555) appid metadata "i_waste_so_much" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2554) appid metadata "slate_magazine" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2551) appid metadata "space" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2548) appid metadata "google_fiber" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2546) appid metadata "tightrope" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2545) appid metadata "hr_block" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2544) appid metadata "wherecoolthings" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2542) appid metadata "pop_salad" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2541) appid metadata "cute_overload" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2540) appid metadata "people_walmart" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2536) appid metadata "washpost" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2532) appid metadata "flexera_soft" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2531) appid metadata "google_remote_d" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2529) appid metadata "loyalty_innovat" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2528) appid metadata "urban_airship" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2523) appid metadata "58_city" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2520) appid metadata "xinhuanet" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2519) appid metadata "jingdong" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2517) appid metadata "spiegel_online" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2514) appid metadata "the_telegraph" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2513) appid metadata "the_guardian" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2509) appid metadata "apple_developer" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2508) appid metadata "biodigital_huma" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2504) appid metadata "1n1_internet" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2499) appid metadata "livestrong" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2489) appid metadata "examiner" unknown.
    May 5 21:23:18	snort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2488) appid metadata "ny_daily_news" unknown.
    


  • These errors are saying that the appID name (metadata) specified in the text rule is not being found in the Cisco/Talos provided OpenAppID detectors. I looked a few of these up manually and they appear to be truncated. For example, appid metadata "direct_tv_ticke" is actually listed in the appMappings.data file for OpenAppID as appid metadata "direct_tv_tickers" and appid metadata "direct_tv_softw" is actually listed as appid metadata "direct_tv_software_updates". So from my quick examination it appears the free text rules may have some issues with the AppID names metadata being used in the latest version 319 of the OpenAppID detectors supplied by Cisco/Talos.

    As I mentioned in a different topic thread a few days ago, OpenAppID needs two separate things to work. It needs the Cisco/Talos detectors and then it needs OpenAppID text rules written to take advantage of the provided detectors. The free rules provided in the Snort package were created by a third-party gentleman in Brazil and provided as-is for use by pfSense Snort package users. I noticed that he has not updated that rules package since December of 2017.

    You can go in and manually edit the individual OpenAppID text rules on your firewall. You can find them here: /usr/local/etc/snort/rules. The OpenAppID text rules files all will begin with the prefix "openappid".
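The check described in the reply above (looking up each "unknown" name and finding it is a truncated form of a longer detector name) can be scripted. This is an added example, not part of the original posts or the pfSense Snort package: it pulls the unknown names out of the startup warnings and proposes full names by prefix match. The function names, the constructed mapping rows and the assumption that the name used by `appid` is the last tab-separated column of the mapping file are mine; the two `direct_tv_*` full names are the ones quoted in the reply.

```python
import re
from collections import defaultdict

# Matches only the "appid metadata ... unknown" warnings; other warnings
# (such as the deprecated "threshold" notice) are ignored.
WARNING_RE = re.compile(
    r'WARNING: (?P<path>\S+)\((?P<line>\d+)\) '
    r'appid metadata "(?P<name>[^"]+)" unknown\.'
)


def parse_unknown_appids(log_text):
    """Return {appid_name: [(rules_path, line_no), ...]} from Snort startup log text."""
    found = defaultdict(list)
    for m in WARNING_RE.finditer(log_text):
        found[m["name"]].append((m["path"], int(m["line"])))
    return dict(found)


def load_known_names(mapping_text):
    """Collect detector names from mapping-file text.

    Assumption: rows are tab-separated and the last column holds the name
    that text rules reference. Adjust if your detector package differs.
    """
    names = set()
    for row in mapping_text.splitlines():
        fields = row.split("\t")
        if len(fields) >= 2 and fields[-1].strip():
            names.add(fields[-1].strip())
    return names


def suggest_fixes(unknown_names, known_names):
    """Map each unknown name to (status, candidates) using prefix matching.

    status is "unique" (one longer name starts with it), "ambiguous"
    (several do, so a human must choose) or "no_match" (the detector set
    has nothing that starts with it, so the rule needs review or removal).
    """
    result = {}
    for name in sorted(unknown_names):
        candidates = sorted(k for k in known_names if k != name and k.startswith(name))
        if len(candidates) == 1:
            status = "unique"
        elif candidates:
            status = "ambiguous"
        else:
            status = "no_match"
        result[name] = (status, candidates)
    return result


# Log lines copied from the first post (one non-appid warning included).
SAMPLE_LOG = """\
May 5 21:23:19\tsnort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(26292) appid metadata "bt" unknown.
May 5 21:23:18\tsnort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3571) threshold (in rule) is deprecated; use detection_filter instead.
May 5 21:23:18\tsnort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3018) appid metadata "direct_tv_ticke" unknown.
May 5 21:23:18\tsnort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(3017) appid metadata "direct_tv_softw" unknown.
May 5 21:23:18\tsnort[1763]: WARNING: /usr/local/etc/snort/snort_45743_igb0/rules/snort.rules(2928) appid metadata "dilbert" unknown.
"""

# Constructed mapping rows: numeric columns and the two "bt_example_*"
# names are made up for the demonstration.
SAMPLE_MAPPING = "\n".join(
    "\t".join(row)
    for row in [
        ("1001", "Direct TV Tickers", "0", "0", "1001", "direct_tv_tickers"),
        ("1002", "Direct TV Software Updates", "0", "0", "1002", "direct_tv_software_updates"),
        ("1003", "Constructed One", "0", "0", "1003", "bt_example_one"),
        ("1004", "Constructed Two", "0", "0", "1004", "bt_example_two"),
    ]
)

if __name__ == "__main__":
    unknown = parse_unknown_appids(SAMPLE_LOG)
    fixes = suggest_fixes(unknown, load_known_names(SAMPLE_MAPPING))
    for name, (status, candidates) in fixes.items():
        where = ", ".join(f"line {ln}" for _, ln in unknown[name])
        print(f"{name:20} {status:10} {candidates} ({where})")
```

Only the "unique" results are safe to apply mechanically; "ambiguous" and "no_match" entries need a manual look at the rule and the detector list.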



  • @bmeeks @Simbad

    Is there an easier remedy, other than manual editing on a rule-by-rule basis?

    Perhaps substituting one of the pfSense-managed downloads with something better from snort.org, or another source?

    Is it only the last item in this list that is the broken one? (This list per pfSense Snort Global Settings / Updates)

    Rule Set Name/Publisher

    • Snort Subscriber Ruleset
    • Snort GPLv2 Community Rules
    • Emerging Threats Open Rules
    • Snort OpenAppID Detectors
    • Snort AppID Open Text Rules

    TIA



  • @bmeeks @Simbad

    Is there an easier remedy, other than manual editing on a rule-by-rule basis?

    Perhaps substituting one of the pfSense-initiated downloads with something else from a different source?

    Is it only the last item in this list that is the broken one? (This list per pfSense Snort Global Settings / Updates)

    Rule Set Name/Publisher

    • Snort Subscriber Ruleset
    • Snort GPLv2 Community Rules
    • Emerging Threats Open Rules
    • Snort OpenAppID Detectors
    • Snort AppID Open Text Rules

    TIA



  • @ng_anon said in Snort problem starting with application enable:

    @bmeeks @Simbad

    Is there an easier remedy, other than manual editing on a rule-by-rule basis?

    Perhaps substituting one of the pfSense-initiated downloads with something else from a different source?

    Is it only the last item in this list that is the broken one? (This list per pfSense Snort Global Settings / Updates)

    Rule Set Name/Publisher

    • Snort Subscriber Ruleset
    • Snort GPLv2 Community Rules
    • Emerging Threats Open Rules
    • Snort OpenAppID Detectors
    • Snort AppID Open Text Rules

    TIA

    I know of no other source for OpenAppID rules. The Snort team only produces the rule stubs which do the actual detection within the binary code. The text rules are necessary in order for the alerting engine of Snort to work and thus for pfSense to also block on the alerts.

    I'm not saying there is no other source of the text rules, but I am not aware of any other free source. There is a lot of skill and labor involved in creating such rules, so I doubt many companies (if any) would be interested in making that labor investment and then giving the result away for free. The text rules hosted by the Netgate team were developed by folks at a University in Brazil (so think non-profit research most likely).

    You can try using the modifysid functionality on the SID MGMT tab. That configuration file can be used with Perl regular expressions to match on and then modify the content of rules. If you are really good with PCRE, you might have some luck there making global changes to OpenAppID text rules. To see the SID MGMT options, go to that tab and click the Enable checkbox.

