Snort mailing list archives
Re: undefined symbol: LibVersion error
From: David Holder <david.holder () gmail com>
Date: Fri, 16 Apr 2010 16:58:55 +0100
Hi JJ, Thanks for your reply, I can now run it. However, I've come across a different problem now. Everything seems to indicate that snort is working fine, but nothing is being logged into the MYSQL database. I've added the following into my snort.conf: output database: log, mysql, user=snort password=MyDBPassword dbname=snort host=localhost Base is reporting no information: Sensors/Total: 0 / 1 Unique Alerts: 0 Categories: 0 Total Number of Alerts: 0 * Src IP addrs: 0 * Dest. IP addrs: 0 * Unique IP links 0 If I try and run snort without Daemon mode I get the following output: Initializing Network Interface eth0 Decoding Ethernet on interface eth0 database: compiled support for (mysql) database: configured to use mysql database: schema version = 107 database: host = localhost database: user = snort database: database name = snort database: sensor name = 192.168.202.239 database: sensor id = 1 database: data encoding = hex database: detail level = full database: ignore_bpf = no database: using the "log" facility eth0 is the correct name. Although the last thing to come from terminal is: Not Using PCAP_FRAMES. I've run snort -DEV and I can see the traffic being analysed, so there is something there to log. Any help would be appreciated. Thanks, On Fri, Apr 16, 2010 at 4:19 PM, JJ Cummings <cummingsj () gmail com> wrote:
Delete all of the *example* rules that are in /usr/local/lib/snort_dynamicrules/ On Fri, Apr 16, 2010 at 9:14 AM, David Holder <david.holder () gmail com>wrote:Hi all, I installed Snort yesterday and configured it based on the guide provided on the ubuntu forums : http://ubuntuforums.org/showthread.php?t=919472 I'm running ubuntu 9.10 server edition and the latest version of Snort and BASE. I've managed to configure the database, permissions, snort.conf but when I try and launch snort like so: snort -c /etc/snort/snort.conf I get the following: root@snort:~# snort -c /etc/snort/snort.conf Running in IDS mode --== Initializing Snort ==-- Initializing Output Plugins! Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file "/etc/snort/snort.conf" PortVar 'HTTP_PORTS' defined : [ 80 1220 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ] PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ] PortVar 'ORACLE_PORTS' defined : [ 1521 ] Detection: Search-Method = AC-BNFA-Q Tagged Packet Limit: 256 Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules... Loading dynamic detection library /usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so... ERROR: Failed to find LibVersion() function in /usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so: /usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so: undefined symbol: LibVersion Fatal Error, Quitting.. Does anyone have any idea how I can resolve this issue? Thanks, David ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- undefined symbol: LibVersion error David Holder (Apr 16)
- Re: undefined symbol: LibVersion error JJ Cummings (Apr 16)
- Re: undefined symbol: LibVersion error David Holder (Apr 16)
- Re: undefined symbol: LibVersion error JJ Cummings (Apr 16)
- Re: undefined symbol: LibVersion error David Holder (Apr 18)
- Re: undefined symbol: LibVersion error Richard Bejtlich (Apr 18)
- Re: undefined symbol: LibVersion error JJ Cummings (Apr 18)
- Re: undefined symbol: LibVersion error David Holder (Apr 16)
- Re: undefined symbol: LibVersion error JJ Cummings (Apr 16)