System log full of snort errors without configuration change
-
Hi all,
since a few days (I don't know exactly since when - I would have to check all syslogs) my system log is full of the same snort error. But I didn't change anything in the snort configuration since a long time.
What I did now is to upgrade to the latest snort version but this didn't help.I don't know what to do with this error and beg for help!!
snort[3888]: server /usr/pbi/snort-amd64/etc/snort/appid//odp/lua/service_EIP.lua: error validating …snort-amd64/etc/snort/appid//odp/libs/DetectorCommon.lua:318: table index is nil
snort[3888]: server /usr/pbi/snort-amd64/etc/snort/appid//odp/lua/service_EIP.lua: error validating …snort-amd64/etc/snort/appid//odp/libs/DetectorCommon.lua:318: table index is nil
snort[3888]: server /usr/pbi/snort-amd64/etc/snort/appid//odp/lua/service_EIP.lua: error validating …snort-amd64/etc/snort/appid//odp/libs/DetectorCommon.lua:318: table index is nil
snort[3888]: server /usr/pbi/snort-amd64/etc/snort/appid//odp/lua/service_EIP.lua: error validating …snort-amd64/etc/snort/appid//odp/libs/DetectorCommon.lua:318: table index is nil -
Some others have reported this error. It is apparently related to the most recent OpenAppID detectors update released by the Snort VRT. This error should only appear if you have OpenAppID detection enabled (via the OpenAppID preprocessor).
The Snort VRT is aware and will fix it in the next update. Here is a relevant post from the Snort OpenAppID mailing list – http://sourceforge.net/p/snort/mailman/message/33504331/
Bill
-
Ok, thanks for the info!!
