Re: 3.0 beta2 does not load dynamic preprocessors

["Russ Combs" <rcombs () sourcefire com>]

Nerijus,

Have you tried configuring using the dynamic_engine_lib and
dynamic_preprocessor_lib_dir options in snort.lua something like this?

opttab={
    ..., dynamic_engine_lib="/usr/local/snortsp/lib/snort/sf_engine.so",

dynamic_preprocessor_lib_dir="/usr/local/snortsp/lib/snort/snort_preproc",
...
}

If you are still having problems, please send the relevant parts of your
original conf, new conf, and lua files.  It would also be helpful to have
the sspiffy.sh args and output.

Russ

On Thu, Sep 4, 2008 at 8:41 AM, Nerijus Krukauskas <nkrukauskas () gmail com>wrote:

>  Wanted to try the 3.0b2 release of snort, but stumbled on one
> problem. It refuses to load dynamic preprocessors. The config for
> 3.0b2 is converted from config used for 2.8.2.2. Everything is done
> according to README.bridge file. The path specified in resulting
> snort.lua is correct and contains a bunch of preprocessors. But
> snortsp spits error messages like:
>
> snort.conf(628) unknown dynamic preprocessor "smtp"
> snort.conf(747) unknown dynamic preprocessor "ssh"
> etc.
>
>  Tried strace'ing the snortsp process. There're NO attempts to load
> anything from preproc dir. Not even the
> /usr/local/lib/snort/sf_engine.so, which is also specified in
> snort.lua.
>  I use the following example script from README.bridge to test the config:
> --
> snort="/usr/local/snortsp/lib/snort/snort.so"
> opttab={ conf="snort.conf" }
> analyzer.cfgtest({module=snort, data=opttab, order=1})
> ssp.shutdown()
> --
>
>
>  Don't know where to look further... Anyone else tried 3.0b2?
>
> --
> http://nk99.org/
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users