Package Details: snort 3.5.0.0-1

Git Clone URL: https://aur.archlinux.org/snort.git (read-only)
Package Base: snort
Description: A lightweight network IDS/IPS with OpenAppID support.
Upstream URL: https://www.snort.org
Licenses: GPL
Submitter: Snowman
Maintainer: robertfoster
Last Packager: robertfoster
Votes: 65
Popularity: 0.030460
First Submitted: 2012-11-16 17:33 (UTC)
Last Updated: 2024-10-30 11:32 (UTC)

Latest Comments

vigilantehobo commented on 2021-12-03 03:01 (UTC)

Was able to get snort to install after messing with PKGBUILD.

Accidentally deleted my comment too :(

Haxx commented on 2021-08-02 15:27 (UTC) (edited on 2021-08-02 15:30 (UTC) by Haxx)

Hi,

I have installed snort3 as provided by the AUR package:

"""
:~$ snort -V

,,_ -> Snort++ <-
o" )~ Version 3.1.6.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.4
Using LuaJIT version 2.1.5
Using OpenSSL 1.1.1f 25 Mar 2021
Using libpcap version 1.9.1 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.2.11
Using FlatBuffers 2.0.0
Using Hyperscan version 5.4.0 2021-01-13
Using LZMA version 5.2.5
"""

So far so good, but when I test the default configuration file:

"""
$ snort -c /etc/snort/snort.lua

The long output ends up with:

Finished /etc/snort/snort.lua:

ERROR: Could not find requested DAQ module: pcap

FATAL: see prior 1 erros (0 warnings)
Fatal Erro, Quitting..
"""

instead of:

"""
Snort successfully validated the configuration (with 0 warnings).
o")~ Snort exiting
"""

The same issue has been reported on Ubuntu 20.04 as well (https://stackoverflow.com/questions/66014641/snort-3-0-error-could-not-find-requested-daq-moduel-pcap).

Please advise,

amish commented on 2021-07-02 04:51 (UTC)

@akeller - actually the message is wrong. You have to edit this file: /etc/snort/homenet.conf, and NOT snort.lua.

In most cases you do not need to edit homenet.conf if using private addresses.

akeller commented on 2021-07-02 03:12 (UTC) (edited on 2021-07-02 03:13 (UTC) by akeller)

pulledpork also probably shouldn't be a requirement since the rules are incompatible with snort3. The requirement should be removed or replaced with pulledpork3.

edit: I'm completely new to snort and could be wrong about the compatibility. But that seems to be the case.

akeller commented on 2021-07-02 02:22 (UTC)

The install gives this message:

You have to edit the HOME_NET variable in the /etc/snort/snort.conf file to reflect your local network.

but it seems that the conf file is now /etc/snort/snort.lua.

robertfoster commented on 2021-06-10 11:31 (UTC) (edited on 2021-06-10 11:32 (UTC) by robertfoster)

@amish you're totally right, apologies. I added your username as a contributor.

hemitheconyx commented on 2021-06-06 09:21 (UTC)

Is there a reason for !makeflags to be in the options of the PKGBUILD?

I built without it (meaning I built with my MAKEFLAGS, set to -j8) and it worked fine.

amish commented on 2021-06-06 01:57 (UTC) (edited on 2021-06-06 03:26 (UTC) by amish)

Hi robertfoster. You copied everything from my AUR package. Snort-nfqueue.

That is fine. But you didn't mention my name anywhere, i.e. you gave me no credit for studying snort 3 and putting lots of hard work into configuring it etc.

That's very bad.