Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Error running snort

From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 10 Oct 2012 21:02:51 -0400
On 10/10/2012 17:58, AllowOverride wrote:

this leads to another issue, so_rules, i did not see ubuntu 12.04
listed, only up to 12.04. is there a updated precompiled rule set for
12.04 coming soon, not that i know what they are for, i figure packets
being analyzed should matter what distro it is coming for?


SO rules are SharedObject rules... in other words, they are like DLL files... 
but, unlike the regular textual rules, these are source code and can perform 
code oriented feats that the plain text rules cannot... "feats" like those you 
would see in a program... certain math functions and comparison options that are 
just not capable of being done by text rules...

as such, they must be compiled against the kernel running on your *nix *sd etc 
system...


i assume the precompiled rules are for base services included in each
linux different distro, thus the need to specify them in the first
place.

dont answer that, i will figure it out, just thinking out loud..


:) :)




On Wed, 2012-10-10 at 14:27 -0600, Jefferson, Shawn wrote:

You have the wrong version of so rules for your distro/os.



----- Original Message -----
From: Akinwale Fasuru<fashman2k1 () yahoo com>
To: snort-users () lists sourceforge net<snort-users () lists sourceforge net>
Sent: Wed Oct 10 12:47:43 2012
Subject: [Snort-users] Error running snort

Pls i encountered this erro when tring to run snort # snort -c /etc/snort/snort.conf

ERROR: Failed to load /usr/local/lib/snort_dynamicrules/netbios.so: /usr/local/lib/snort_dynamicrules/netbios.so: 
wrong ELF class: ELFCLASS32

What can i do?

Wale


------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: