Snort 2.9.7.0 pkg v3.2.1 Update Release Notes

bmeeks

@TieT:

I'm getting the same errors on the App ID

Jan 13 12:06:16 fw1 snort[65321]: AppInfo: AppId 740 is UNKNOWN
Jan 13 12:06:16 fw1 snort[65321]: AppInfo: AppId 740 is UNKNOWN
Jan 13 12:06:16 fw1 snort[65321]: AppInfo: AppId 3861 is UNKNOWN
Jan 13 12:06:16 fw1 snort[65321]: AppInfo: AppId 3885 is UNKNOWN
Jan 13 12:06:16 fw1 snort[65321]: AppInfo: AppId 699 is UNKNOWN

Jan 12 12:06:41 fw1 check_reload_status: Syncing firewall
Jan 12 17:45:00 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 17:45:00 fw1 snort[21362]: invalid appid in appStatRecord (2734)
Jan 12 17:45:00 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 17:45:00 fw1 snort[26114]: invalid appid in appStatRecord (2734)
Jan 12 18:10:07 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 18:10:07 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 18:15:02 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 18:15:02 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 18:20:16 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 18:20:16 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 18:25:10 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 18:25:10 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 18:35:01 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 18:35:01 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 18:40:02 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 18:40:02 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 18:45:00 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 18:45:00 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 19:00:07 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 19:00:07 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 19:05:04 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 19:05:04 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 19:15:07 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 19:15:07 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 19:45:05 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 19:45:05 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 19:50:11 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 19:50:15 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 19:55:13 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 19:55:13 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 20:02:29 fw1 snort[26114]: invalid appid in appStatRecord (502)
Jan 12 20:04:38 fw1 snort[21362]: invalid appid in appStatRecord (502)
Jan 12 22:20:02 fw1 snort[21362]: invalid appid in appStatRecord (2734)
Jan 12 22:20:02 fw1 snort[26114]: invalid appid in appStatRecord (2734)
Jan 12 22:30:04 fw1 snort[26114]: invalid appid in appStatRecord (186)
Jan 12 22:30:04 fw1 snort[21362]: invalid appid in appStatRecord (186)
Jan 13 10:00:01 fw1 snort[58024]: invalid appid in appStatRecord (3885)

These are issues within the OpenAppID templates themselves that are updated periodically from the Snort.org web site.  When you see these kinds of errors, it means the latest update to the templates contains some errors.  You can check the Snort VRT mail list to see if others are reporting issues.  It's also likely these will magically fix themselves in a future update of the OpenAppID templates.

Bill

core443

Hello,

I tried to get OpenAppId working, but it doesn't want to…

My snort is working, VRT & OpenAppId rules are downloaded. VRT alerts appear.
I followed this tutorial : https://forum.pfsense.org/index.php?topic=84227.0
When I go to reddit, nothing is logged in alerts. Nothing useful in the firewall logs neither.

I'm running pfsense 2.1.5 with the latest version of snort.

Any idea ?

Thanks !