Re: Dynamic Preprocessor Errors

["info+lucretia.ca" <info () lucretia ca>]

Hi,

Sorry for the delay replying, I was out of town.

That did the trick, it appears I didn't have the syntax correct.

Thanks,

James Friesen, CIO
Lucretia Enterprises
Our World Is Here
info at lucretia dot ca
http://lucretia.ca

> -----Original Message-----
> From: Matthew Watchinski [mailto:mwatchinski () sourcefire com]
> Sent: Wednesday, January 31, 2007 5:46 PM
> To: info+lucretia.ca
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Dynamic Preprocessor Errors
>
> Did you try the snort.conf snippit I sent to the list?
>
> Cheers,
> -matt
>
> info+lucretia.ca wrote:
> > Anyone have a solution for this?
> >
> > Cheers,
> >
> >
> > James Friesen, CIO
> >
> > > Thanks for the responses.
> >
> > > Yes, these and all the other preprocessors are in this dir and
> > > linked.  Here is the output from this dir:
> >
> >
> > > sloa@X4ft11:/usr/local/lib/snort_dynamicpreprocessor$ ls -la total
> > > 1268
> > > drwxr-xr-x 2 root root   4096 2007-01-28 13:57 .
> > > drwxr-xr-x 6 root root   4096 2007-01-25 21:12 ..
> > > - -rw-r--r-- 1 root root 150854 2007-01-28 13:57
> > > libsf_dcerpc_preproc.a
> > > - -rwxr-xr-x 1 root root    989 2007-01-28 13:57
> > > libsf_dcerpc_preproc.la
> > > lrwxrwxrwx 1 root root     29 2007-01-28 13:57
> > > libsf_dcerpc_preproc.so ->
> > > libsf_ dcerpc_preproc.so.0.0.0
> > > lrwxrwxrwx 1 root root     29 2007-01-28 13:57
> > > libsf_dcerpc_preproc.so.0 ->
> > > libs f_dcerpc_preproc.so.0.0.0
> > > - -rwxr-xr-x 1 root root  93883 2007-01-28 13:57
> > > libsf_dcerpc_preproc.so.0.0.0
> > > - -rw-r--r-- 1 root root  51862 2007-01-28 13:57
> libsf_dns_preproc.a
> > > - -rwxr-xr-x 1 root root    968 2007-01-28 13:57
> libsf_dns_preproc.la
> > > lrwxrwxrwx 1 root root     26 2007-01-28 13:57
> libsf_dns_preproc.so ->
> > > libsf_dns _preproc.so.0.0.0
> > > lrwxrwxrwx 1 root root     26 2007-01-28 13:57
> > > libsf_dns_preproc.so.0 ->
> > > libsf_d ns_preproc.so.0.0.0
> > > - -rwxr-xr-x 1 root root  41482 2007-01-28 13:57
> > > libsf_dns_preproc.so.0.0.0
> > > - -rw-r--r-- 1 root root 302478 2007-01-28 13:57
> > > libsf_ftptelnet_preproc.a
> > > - -rwxr-xr-x 1 root root   1010 2007-01-28 13:57
> > > libsf_ftptelnet_preproc.la
> > > lrwxrwxrwx 1 root root     32 2007-01-28 13:57
> > > libsf_ftptelnet_preproc.so ->
> > > lib sf_ftptelnet_preproc.so.0.0.0
> > > lrwxrwxrwx 1 root root     32 2007-01-28 13:57
> > > libsf_ftptelnet_preproc.so.0
> > > -> l ibsf_ftptelnet_preproc.so.0.0.0
> > > - -rwxr-xr-x 1 root root 194949 2007-01-28 13:57
> > > libsf_ftptelnet_preproc.so.0.0.0
> > > - -rw-r--r-- 1 root root 173890 2007-01-28 13:57
> libsf_smtp_preproc.a
> > > - -rwxr-xr-x 1 root root    975 2007-01-28 13:57
> libsf_smtp_preproc.la
> > > lrwxrwxrwx 1 root root     27 2007-01-28 13:57
> > > libsf_smtp_preproc.so ->
> > > libsf_sm tp_preproc.so.0.0.0
> > > lrwxrwxrwx 1 root root     27 2007-01-28 13:57
> > > libsf_smtp_preproc.so.0 ->
> > > libsf_ smtp_preproc.so.0.0.0
> > > - -rwxr-xr-x 1 root root 108681 2007-01-28 13:57
> > > libsf_smtp_preproc.so.0.0.0
> > > - -rw-r--r-- 1 root root  56934 2007-01-28 13:57
> libsf_ssh_preproc.a
> > > - -rwxr-xr-x 1 root root    968 2007-01-28 13:57
> libsf_ssh_preproc.la
> > > lrwxrwxrwx 1 root root     26 2007-01-28 13:57
> libsf_ssh_preproc.so ->
> > > libsf_ssh _preproc.so.0.0.0
> > > lrwxrwxrwx 1 root root     26 2007-01-28 13:57
> > > libsf_ssh_preproc.so.0 ->
> > > libsf_s sh_preproc.so.0.0.0
> > > - -rwxr-xr-x 1 root root  46923 2007-01-28 13:57
> > > libsf_ssh_preproc.so.0.0.0
> >
> >
> > > Cheers,
> >
> > > James Friesen
> >
> >
> > > > -----Original Message-----
> > > > From: rmkml [mailto:rmkml () free fr]
> > > >
> > > > Hi,
> > > > do you have libsf_ftptelnet_preproc.so on this dir ?
> > > >   /usr/local/lib/snort_dynamicpreprocessor/
> > > > and please send "ls -la /usr/local/lib/snort_dynamicpreprocessor/"
> > > > Regards
> > > > Rmkml
> > > >
> > > >
> > > > On Mon, 29 Jan 2007, info+lucretia.ca wrote:
> > > >
> > > > > Hello.
> > > > >
> > > > > I'm trying to build 2.7.0.beta1 on Ubuntu 6.06.  So far
> > > things are
> > > > > working well, except when I attempt to turn on the dynamic
> > > > preprocessors.
> > > > > I encountered an ID error when I simply uncommented them
> > > so I added
> > > > > some text to make them look like the command line
> > > > counterparts.  I'm
> > > > > not certain whether they work from the command line, as I'm not
> > > > > interested in starting them this way.
> > > > >
> > > > > Starting snort with 'sudo' using the one and only
> parameter:  '-c
> > > > > /etc/snort/snort.conf' I get the following output:
> > > > >
> > > > >  ERROR: /etc/snort/snort.conf(539): Bad rule in rules file
> > > > >
> > > > > This line contains:
> > > > >
> > > > >  dynamic-preprocessor-lib
> > > /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
> > > > > I get this error with any dynamic preprocessor enabled in
> > > > snort.conf.
> > > > > I've reviewed  the documentation and could find nothing
> > > > indicating the
> > > > > correct format for the 'dynamic-*' options for snort.conf
> > > > (the command
> > > > > line is well documented...) and I reviewed the list and
> > > > forums with no
> > > > > luck on a solution.
> > > > >
> > > > > Cheers,
> > > > >
> > > > >
> > > > > James Friesen, CIO
>
>
> --------------------------------------------------------------
> -----------
> Using Tomcat but need to do more? Need to support web
> services, security?
> Get stuff done quickly with pre-integrated technology to make
> your job easier.
> Download IBM WebSphere Application Server v.1.0.1 based on
> Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&;
dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users