Snort mailing list archives
Re: Snort Services Failed to Start
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 24 Jun 2014 15:16:57 +0000
I’m just telling you what the error means: Jun 24 13:00:31 discovery snort[789]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_SSH version 1.1.3 (-2) Jun 24 13:00:31 discovery snort[784]: Starting snort: ERROR size 840 != 864 So, Snort is trying to load an old preprocessor. Need to find where it is trying to load it from (in your snort.conf) and delete it. On Jun 24, 2014, at 11:13 AM, <greg.mcnathansonsnuf003 () gmx-topmail de<mailto:greg.mcnathansonsnuf003 () gmx-topmail de>> <greg.mcnathansonsnuf003 () gmx-topmail de<mailto:greg.mcnathansonsnuf003 () gmx-topmail de>> wrote: Hello Joel, thanks for your help. I'm sure /usr/local/lib/snort_dynamicpreprocessor contains only files from 2.9.6.1, because I deleted the dir before installation. ls -l /usr/local/lib/snort_dynamicpreprocessor total 13704 -rw-r--r--. 1 root root 2929744 Jun 2 23:54 libsf_dce2_preproc.a -rwxr-xr-x. 1 root root 1275 Jun 2 23:54 libsf_dce2_preproc.la lrwxrwxrwx. 1 root root 27 Jun 2 23:54 libsf_dce2_preproc.so -> libsf_dce2_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 27 Jun 2 23:54 libsf_dce2_preproc.so.0 -> libsf_dce2_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 1670215 Jun 2 23:54 libsf_dce2_preproc.so.0.0.0 -rw-r--r--. 1 root root 351914 Jun 2 23:54 libsf_dnp3_preproc.a -rwxr-xr-x. 1 root root 1275 Jun 2 23:54 libsf_dnp3_preproc.la lrwxrwxrwx. 1 root root 27 Jun 2 23:54 libsf_dnp3_preproc.so -> libsf_dnp3_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 27 Jun 2 23:54 libsf_dnp3_preproc.so.0 -> libsf_dnp3_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 246414 Jun 2 23:54 libsf_dnp3_preproc.so.0.0.0 -rw-r--r--. 1 root root 127602 Jun 2 23:54 libsf_dns_preproc.a -rwxr-xr-x. 1 root root 1268 Jun 2 23:54 libsf_dns_preproc.la lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_dns_preproc.so -> libsf_dns_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_dns_preproc.so.0 -> libsf_dns_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 132305 Jun 2 23:54 libsf_dns_preproc.so.0.0.0 -rw-r--r--. 1 root root 1096660 Jun 2 23:54 libsf_ftptelnet_preproc.a -rwxr-xr-x. 1 root root 1310 Jun 2 23:54 libsf_ftptelnet_preproc.la lrwxrwxrwx. 1 root root 32 Jun 2 23:54 libsf_ftptelnet_preproc.so -> libsf_ftptelnet_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 32 Jun 2 23:54 libsf_ftptelnet_preproc.so.0 -> libsf_ftptelnet_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 650168 Jun 2 23:54 libsf_ftptelnet_preproc.so.0.0.0 -rw-r--r--. 1 root root 361626 Jun 2 23:54 libsf_gtp_preproc.a -rwxr-xr-x. 1 root root 1268 Jun 2 23:54 libsf_gtp_preproc.la lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_gtp_preproc.so -> libsf_gtp_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_gtp_preproc.so.0 -> libsf_gtp_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 231840 Jun 2 23:54 libsf_gtp_preproc.so.0.0.0 -rw-r--r--. 1 root root 480042 Jun 2 23:54 libsf_imap_preproc.a -rwxr-xr-x. 1 root root 1275 Jun 2 23:54 libsf_imap_preproc.la lrwxrwxrwx. 1 root root 27 Jun 2 23:54 libsf_imap_preproc.so -> libsf_imap_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 27 Jun 2 23:54 libsf_imap_preproc.so.0 -> libsf_imap_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 354247 Jun 2 23:54 libsf_imap_preproc.so.0.0.0 -rw-r--r--. 1 root root 314326 Jun 2 23:54 libsf_modbus_preproc.a -rwxr-xr-x. 1 root root 1289 Jun 2 23:54 libsf_modbus_preproc.la lrwxrwxrwx. 1 root root 29 Jun 2 23:54 libsf_modbus_preproc.so -> libsf_modbus_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 29 Jun 2 23:54 libsf_modbus_preproc.so.0 -> libsf_modbus_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 193645 Jun 2 23:54 libsf_modbus_preproc.so.0.0.0 -rw-r--r--. 1 root root 473890 Jun 2 23:54 libsf_pop_preproc.a -rwxr-xr-x. 1 root root 1268 Jun 2 23:54 libsf_pop_preproc.la lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_pop_preproc.so -> libsf_pop_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_pop_preproc.so.0 -> libsf_pop_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 348693 Jun 2 23:54 libsf_pop_preproc.so.0.0.0 -rw-r--r--. 1 root root 255888 Jun 2 23:54 libsf_reputation_preproc.a -rwxr-xr-x. 1 root root 1317 Jun 2 23:54 libsf_reputation_preproc.la lrwxrwxrwx. 1 root root 33 Jun 2 23:54 libsf_reputation_preproc.so -> libsf_reputation_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 33 Jun 2 23:54 libsf_reputation_preproc.so.0 -> libsf_reputation_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 268676 Jun 2 23:54 libsf_reputation_preproc.so.0.0.0 -rw-r--r--. 1 root root 459080 Jun 2 23:54 libsf_sdf_preproc.a -rwxr-xr-x. 1 root root 1268 Jun 2 23:54 libsf_sdf_preproc.la lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_sdf_preproc.so -> libsf_sdf_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_sdf_preproc.so.0 -> libsf_sdf_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 256103 Jun 2 23:54 libsf_sdf_preproc.so.0.0.0 -rw-r--r--. 1 root root 567996 Jun 2 23:54 libsf_sip_preproc.a -rwxr-xr-x. 1 root root 1268 Jun 2 23:54 libsf_sip_preproc.la lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_sip_preproc.so -> libsf_sip_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_sip_preproc.so.0 -> libsf_sip_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 336522 Jun 2 23:54 libsf_sip_preproc.so.0.0.0 -rw-r--r--. 1 root root 767290 Jun 2 23:54 libsf_smtp_preproc.a -rwxr-xr-x. 1 root root 1275 Jun 2 23:54 libsf_smtp_preproc.la lrwxrwxrwx. 1 root root 27 Jun 2 23:54 libsf_smtp_preproc.so -> libsf_smtp_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 27 Jun 2 23:54 libsf_smtp_preproc.so.0 -> libsf_smtp_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 473661 Jun 2 23:54 libsf_smtp_preproc.so.0.0.0 -rw-r--r--. 1 root root 124594 Jun 2 23:54 libsf_ssh_preproc.a -rwxr-xr-x. 1 root root 1268 Jun 2 23:54 libsf_ssh_preproc.la lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_ssh_preproc.so -> libsf_ssh_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_ssh_preproc.so.0 -> libsf_ssh_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 130553 Jun 2 23:54 libsf_ssh_preproc.so.0.0.0 -rw-r--r--. 1 root root 160256 Jun 2 23:54 libsf_ssl_preproc.a -rwxr-xr-x. 1 root root 1268 Jun 2 23:54 libsf_ssl_preproc.la lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_ssl_preproc.so -> libsf_ssl_preproc.so.0.0.0 lrwxrwxrwx. 1 root root 26 Jun 2 23:54 libsf_ssl_preproc.so.0 -> libsf_ssl_preproc.so.0.0.0 -rwxr-xr-x. 1 root root 147687 Jun 2 23:54 libsf_ssl_preproc.so.0.0.0 In snort.conf the path is correctly set: # path to dynamic preprocessor libraries dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor What else can I do? Greg Gesendet: Dienstag, 24. Juni 2014 um 16:16 Uhr Von: "Joel Esler (jesler)" <jesler () cisco com<mailto:jesler () cisco com>> An: "greg.mcnathansonsnuf003 () gmx-topmail de<mailto:greg.mcnathansonsnuf003 () gmx-topmail de>" <greg.mcnathansonsnuf003 () gmx-topmail de<mailto:greg.mcnathansonsnuf003 () gmx-topmail de>> Cc: "snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>" <snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>> Betreff: Re: [Snort-users] Snort Services Failed to Start Looks like you are using the 2.9.5.6 dynamic preprocessors with Snort 2.9.6.1. You’ll probably want to delete things in /usr/local/lib/snort_dynamicpreprocessor and reinstall 2.9.6.1 On Jun 24, 2014, at 9:12 AM, greg.mcnathansonsnuf003 () gmx-topmail de<x-msg://14/greg.mcnathansonsnuf003 () gmx-topmail de> wrote: Hi snort experts, is there any solution for this? I have the same problem as Steven Vona. Starting snort: ERROR size 840 != 864 I updated from snort 2.9.5.6 to version 2.9.6.1 on a Fedora 20 machine (x86_64). (Kernel 3.14.4-200.fc20.x86_64) journactl -b -0 -u snort.service ... Jun 24 13:00:30 discovery snort[789]: Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor... Jun 24 13:00:30 discovery snort[789]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_preproc.so... Jun 24 13:00:30 discovery snort[789]: done ... Jun 24 13:00:31 discovery snort[789]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so... Jun 24 13:00:31 discovery snort[789]: done Jun 24 13:00:31 discovery snort[789]: Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor Jun 24 13:00:31 discovery snort[789]: Log directory = /var/log/snort .... Jun 24 13:00:31 discovery snort[789]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Jun 24 13:00:31 discovery snort[789]: alert_fragments: INACTIVE Jun 24 13:00:31 discovery snort[789]: alert_large_fragments: INACTIVE Jun 24 13:00:31 discovery snort[789]: alert_incomplete: INACTIVE Jun 24 13:00:31 discovery snort[789]: alert_multiple_requests: INACTIVE Jun 24 13:00:31 discovery snort[789]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_SSH version 1.1.3 (-2) Jun 24 13:00:31 discovery snort[784]: Starting snort: ERROR size 840 != 864 Jun 24 13:00:31 discovery snort[784]: [FAILED] Jun 24 13:00:31 discovery snort[822]: Stopping snort: [FAILED] Jun 24 13:00:31 discovery systemd[1]: Started Snort IDS system. The /usr/local/lib/snort_dynamicpreprocessor directory contains only new files from snort 2.9.6.1. Config parameters for installation of snort 2.9.6.1: $ ./configure --enable-sourcefire --enable-zlib --enable-reload --enable-reload-error-restart Config parameters for installation of daq 2.0.2: $ ./configure I haven't been able to use libnetfilter_queue libraries and libnfnetlink libraries from the fedora 20 repository. Usage of these libraries resulted in segmentation faults. So I use an older version of these libraries (libnetfilter_queue 1.1.0 and libnfnetlink 0.2.0). With these libraries no segmentation faults occured. Any ideas, what to do to get snort running? Any help would be greatly appreciated. Greg ------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Snort Services Failed to Start greg . mcnathansonsnuf003 (Jun 24)
- Re: Snort Services Failed to Start Joel Esler (jesler) (Jun 24)
- Re: Snort Services Failed to Start greg . mcnathansonsnuf003 (Jun 24)
- Re: Snort Services Failed to Start Joel Esler (jesler) (Jun 24)
- Re: Snort Services Failed to Start greg . mcnathansonsnuf003 (Jun 24)
- Re: Snort Services Failed to Start greg . mcnathansonsnuf003 (Jun 24)
- Re: Snort Services Failed to Start greg . mcnathansonsnuf003 (Jun 24)
- Re: Snort Services Failed to Start Joel Esler (jesler) (Jun 24)