Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OpenBSD 4.9 and Snort 2.9.0.5 - libsf_engine.so Missing

From: "Randal T. Rioux" <randy () procyonlabs com>
Date: Sun, 03 Jul 2011 18:14:54 -0400
On 7/3/2011 2:38 AM, Randal T. Rioux wrote:

I've written the list before about this for 4.7 and 2.9.0.1 - never got
it working without commenting the dynamicengine line in snort.conf.

configure string:

./configure --enable-ppm --enable-zlib --enable-perfprofiling
--enable-pthread --enable-dynamicplugin
--with-libpcap-includes=/usr/local/include
--with-libpcap-libraries=/usr/local/lib
--with-daq-includes=/usr/local/include --with-daq-libraries=/usr/local/lib

Relevant snort.conf entry:

# path to base preprocessor engine
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so

...and this would be because there are only the .a and .la files there.

On another note, I'm also getting these obnoxious errors now, and I
don't know what I changed to cause it!:

Unknown Stream5 global option (preprocessor stream5_tcp: xxany of themxx)


I should also add that the hack:

# perl -e 'for(@ARGV){$nf = $_ ; $nf =~ s/\.0\.0//; link($_,$nf)}' \
  /usr/local/lib/snort_dynamicengine/*

# perl -e 'for(@ARGV){$nf = $_ ; $nf =~ s/\.0\.0//; link($_,$nf)}' \
  /usr/local/lib/snort_dynamicpreprocessor/*

doesn't work because there are no SO files to work with (ie *.so.0.0).
They just aren't being created.

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation
Previous By Date Next
Previous By Thread Next

Current thread: