Snort mailing list archives
Re: Dynamic Preprocessor Errors
From: Matthew Watchinski <mwatchinski () sourcefire com>
Date: Mon, 29 Jan 2007 10:44:08 -0500
Seems like a lot of people are having problems with this, so here's a snippit from my snort.conf that might help. ################################################### # Step #2: Configure dynamic loaded libraries # # If snort was configured to use dynamically loaded libraries, # those libraries can be loaded here. # # Each of the following configuration options can be done via # the command line as well. # # Load all dynamic preprocessors from the install path # (same as command line option --dynamic-preprocessor-lib-dir) # # IMPORTANT READ the FOLLOWING # # # Additionally if you are on Mac OSX you must read and follow the # Instructions in doc/INSTALL when compiling. If you don't # you will get a snort that exits with a "bus error" # Frustration will ensue. # # If your dynamic-preprocessors dir does not contain .so files you # have to do the following # # cd /usr/local/lib/snort_dynamicpreprocessor # # ln -s libsf_ftptelnet_preproc.so.0.0 libsf_ftptelnet_preproc.so # ln -s libsf_dcerpc_preproc.so.0.0 libsf_dcerpc_preproc.so # ln -s libsf_smtp_preproc.so.0.0 libsf_smtp_preproc.so # ln -s libsf_dns_preproc.so.0.0 libsf_dns_preproc.so # ln -s libsf_ssh_preproc.so.0.0 libsf_ssh_preproc.so # # This is all on one line, if email word wraps fix it. # Additionally you have to have the full qualified path # # Replace /usr/local/lib/snort_dynamicpreprocessor with # whatever is the fully qualified path is to your .so files. # dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so dynamicengine /usr/local/lib/snort_dynamicpreprocessor/libsf_engine.so ######## END SNIPPIT ########### Hope that helps. Cheers, -matt info+lucretia.ca wrote:
Hello. I'm trying to build 2.7.0.beta1 on Ubuntu 6.06. So far things are working well, except when I attempt to turn on the dynamic preprocessors. I encountered an ID error when I simply uncommented them so I added some text to make them look like the command line counterparts. I'm not certain whether they work from the command line, as I'm not interested in starting them this way. Starting snort with 'sudo' using the one and only parameter: '-c /etc/snort/snort.conf' I get the following output: ERROR: /etc/snort/snort.conf(539): Bad rule in rules file This line contains: dynamic-preprocessor-lib /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so I get this error with any dynamic preprocessor enabled in snort.conf. I've reviewed the documentation and could find nothing indicating the correct format for the 'dynamic-*' options for snort.conf (the command line is well documented...) and I reviewed the list and forums with no luck on a solution. Cheers, James Friesen, CIO Lucretia Enterprises Our World Is Here info at lucretia dot ca http://lucretia.ca
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Dynamic Preprocessor Errors info+lucretia.ca (Jan 29)
- Re: Dynamic Preprocessor Errors Matthew Watchinski (Jan 29)
- Re: Dynamic Preprocessor Errors Jason (Jan 31)
- <Possible follow-ups>
- Re: Dynamic Preprocessor Errors info+lucretia.ca (Jan 29)
- Re: Dynamic Preprocessor Errors info+lucretia.ca (Jan 31)
- Re: Dynamic Preprocessor Errors Matthew Watchinski (Jan 31)
- Re: Dynamic Preprocessor Errors info+lucretia.ca (Feb 06)
- Re: Dynamic Preprocessor Errors info+lucretia.ca (Jan 31)