Snort mailing list archives
can`t to start preprocessors after updating
From: Oleg Ruso <soy_siberiano () yahoo com>
Date: Mon, 16 Nov 2015 12:24:11 +0000 (UTC)
Hi List.------------------------- snort-2.9.7.6 Name : snort Version : 2.9.7.6 Architecture : freebsd:9:x86:64 ... Options : APPID : off BARNYARD : on DBGSNORT : off DOCS : on FILEINSPECT : on GRE : on HA : off IPV6 : off LRGPCAP : off NONETHER : off NORMALIZER : on PERFPROFILE : on PULLEDPORK : on SOURCEFIRE : on Shared Libs required: libpcre.so.1 libsfbpf.so.0 libcrypto.so.8 libdnet.so.1 Shared Libs provided: libsf_dce2_preproc.so.0 libsf_engine.so.0 libsf_sdf_preproc.so.0 libsf_pop_preproc.so.0 libsf_ssl_preproc.so.0 libsf_modbus_preproc.so.0 libsf_file_preproc.so.0 libsf_dns_preproc.so.0 libsf_ssh_preproc.so.0 libsf_reputation_preproc.so.0 libsf_smtp_preproc.so.0 libsf_gtp_preproc.so.0 libsf_imap_preproc.so.0 libsf_ftptelnet_preproc.so.0 libsf_dnp3_preproc.so.0 libsf_sip_preproc.so.0---------------------------------------------------- After the updating, got a problem with preprocessors. 1. Start: snort -T -c /usr/local/etc/snort/snort.conf Got an error ----------------- ERROR size 1152 != 1128 ERROR: Failed to initialize dynamic preprocessor: APPID version 1.1.4 (-2) --------------- it was a conflict with an old preprocessors libraries version. I deleted all files from the dynamicpreprocessor directory /usr/local/lib/snort/dynamic_preproc and then, reinstalled Snort.(from port) And now, got only one file in the dynamicpreprocessor directory. -rw-r--r-- 1 root wheel 110k 11 ноя 16:43 libsf_dynamic_preproc.a 2.The consequence are - can`t to start preprocessors dns, ssh, dcerpc2, dcerpc2_server En error example ERROR: /usr/local/etc/snort/snort.conf(150) Unknown preprocessor: "dns". I checked the config file carefully, has not some errors. Where to find missing libraries for snort-2.9.7.6 ? Or what another reason can be? Thanks.
------------------------------------------------------------------------------ Presto, an open source distributed SQL query engine for big data, initially developed by Facebook, enables you to easily query your data on Hadoop in a more interactive manner. Teradata is also now providing full enterprise support for Presto. Download a free open source copy now. http://pubads.g.doubleclick.net/gampad/clk?id=250295911&iu=/4140
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- can`t to start preprocessors after updating Oleg Ruso (Nov 16)
- Re: can`t to start preprocessors after updating wkitty42 (Nov 16)