Right but I'm saying what codes says that /etc/snort/homenet.lua overrides the 'any' values defaulted in that file?
Search Criteria
Package Details: snort 3.5.0.0-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/snort.git (read-only, click to copy) |
|---|---|
| Package Base: | snort |
| Description: | A lightweight network IDS /IPS with OpenAppID support. |
| Upstream URL: | https://www.snort.org |
| Licenses: | GPL |
| Submitter: | Snowman |
| Maintainer: | robertfoster |
| Last Packager: | robertfoster |
| Votes: | 65 |
| Popularity: | 0.030460 |
| First Submitted: | 2012-11-16 17:33 (UTC) |
| Last Updated: | 2024-10-30 11:32 (UTC) |
Dependencies (17)
- gperftools (gperftools-gitAUR)
- hwloc
- hyperscan (hyperscan-gitAUR)
- libdaqAUR (libdaq-staticAUR)
- libdnet (libdnet-gitAUR)
- libmnl (libmnl-gitAUR)
- libpcap (libpcap-gitAUR)
- libunwind (libunwind-carbonAUR, libunwind-gitAUR)
- luajit (luajit-2.1-lua52-gitAUR, luajit-gitAUR, luajit-openrestyAUR)
- lz4 (lz4-gitAUR)
- openssl (openssl-gitAUR, openssl-staticAUR)
- pcre
- pulledporkAUR
- xz (xz-gitAUR)
- zlib (zlib-ng-compat-gitAUR, zlib-gitAUR, zlib-ng-compat)
- cmake (cmake-gitAUR) (make)
- pkgconf (pkgconf-gitAUR) (make)
Required by (5)
- barnyard2 (optional)
- oinkmaster
- pulledpork (optional)
- sguil-sensor (optional)
- snort3-extra
Sources (8)
graysky commented on 2022-12-05 01:19 (UTC)
amish commented on 2022-12-05 00:51 (UTC) (edited on 2022-12-05 00:51 (UTC) by amish)
@graysky - See part 1 of snort.lua
graysky commented on 2022-12-04 10:58 (UTC)
@amish - how is homenet.lua used? I do not see any lines in upstream's code looking for it and using the defs for HOME_NET in that file. I think you need to directly modify snort.lua to setup both HOME_NET and EXTERNAL_NET .. please correct me if I am wrong.
amish commented on 2022-12-02 16:01 (UTC) (edited on 2022-12-03 00:42 (UTC) by amish)
@graysky pulledpork is in depends because current post install/upgrade file calls pulledpork after package is installed / upgraded. Also config file is also designed by keeping pulledpork in mind. So that the snort package can be run out of box without changing the configuration.
About hyperscan, it can not be in optdepends.
Because if you build snort with hyperscan installed and then install snort, pacman will not install hyperscan on its own because it is in optdepends and package will fail to run unless you manually install hyperscan. So technically hyperscan becomes mandatory dependency and not optional dependency.
And if you build snort without hyperscan then even if you install hyperscan, it will not be used. As snort was not built with hyperscan. Hence optdepends will not make sense in this case. As its not really a dependency in this case.
Hyperscan has its own advantage and recommended to use upstream as it provides significant boost to snort's performance. https://blog.snort.org/2020/09/snort-3-hyperscan-.html
Plus Arch is for x86_64 based systems. Hence priority would be to give better performance for x86_64 based systems.
graysky commented on 2022-12-02 09:34 (UTC)
Both pulledpork and hyperscan should not be depends but optdepends -- hyperscan isn't even available for non-x86_64
amish commented on 2022-06-10 14:26 (UTC) (edited on 2022-06-10 14:30 (UTC) by amish)
Can you please implement new changes made to snort-nfqueue package here:
https://aur.archlinux.org/packages/snort-nfqueue
For example:
- IP reputation support
- JSON logging
- file_policy instead of file_id
- flatbuffers is no more supported by snort
- sysusers file instead of creating snort user vis post-install script
- Improved logrotate config
Or if you add me as co-maintainer then I can do the same.
Thank you
lightsaber commented on 2022-04-02 11:20 (UTC) (edited on 2022-04-02 11:20 (UTC) by lightsaber)
It does not compile:
make[1]: Leaving directory '/var/cache/private/pamac/snort/src/snort3-3.1.22.0/build'
make: *** [Makefile:156: all] Error 2
make: Leaving directory '/var/cache/private/pamac/snort/src/snort3-3.1.22.0/build'
==> ERROR: A failure occurred in build().
Aborting...
newsboost commented on 2022-02-07 12:48 (UTC)
Oooh, man, this sucks... Is this package both out-of-date and abandonded? I appreciate the effort people put into maintaining stuff, but this is not right and not typical. Please fix!
==> Retrieving sources...
-> Found snort3-3.1.19.0.tar.gz
-> Downloading snort-openappid-21442.tar.gz...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404
==> ERROR: Failure while downloading https://snort.org/downloads/openappid/21442
Aborting...
-> error making: snort
yay -S snort 61,85s user 12,81s system 119% cpu 1:02,31 total
bittin commented on 2022-01-26 08:17 (UTC)
3.1.21.0 released
amish commented on 2021-12-23 10:12 (UTC)
Latest announced version of snort is 3.1.18.0. But this package was just updated to 3.1.19.0.. why so?
Pinned Comments