Re: seek help for installation for snort2.8

[Ryan Jordan <ryan.jordan () sourcefire com>]

It sounds like you're still using your old snort.conf file. "flow" has been
deprecated for some time, and we finally removed it from Snort. Use Stream5
instead.

When you upgrade Snort, you should start with the new snort.conf file and
make changes to fit your preferences.

-Ryan

On Fri, Jan 22, 2010 at 10:12 PM, bai haoquan <baihaoquan () gmail com> wrote:

> Hi Ryan,
>
> I did "make uninstall" in the snort directory, and then delete the
> /usr/local/snort/, but when I install the snort-2.8.5.2, also failed:
>
> ....
>     Portscan Detection Config:
>     Detect Protocols:  TCP UDP ICMP IP
>     Detect Scan Type:  portscan portsweep decoy_portscan
> distributed_portscan
>     Sensitivity Level: Low
>     Memcap (in bytes): 10000000
>     Number of Nodes:   36900
>     ERROR: /usr/local/snort/etc/snort.conf(190) Unknown preprocessor:
> "flow".
>     Fatal Error, Quitting..
> and I had already add two lines
>
> "dynamicpreprocessor directory
> /usr/local/snort/lib/snort_dynamicpreprocessor/
>  dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so"
>
>  in my snort.conf.
>
> Please help me to fix this, thank you very much.
>
>
>
> On Sat, Jan 23, 2010 at 1:09 AM, Ryan Jordan <ryan.jordan () sourcefire com>wrote:
>
> > Make sure you don't have old preprocessors from previous installations
> > hanging around in your /usr/local/snort/lib/snort_dynamicpreprocessor
> > directory. The easiest way to do this would be to delete them all and re-do
> > "make install".
> >
> > If all else fails, upgrade to a recent version of Snort and try again.
> > Snort 2.8.0 is pretty old in Internet years.
> >
> >   On Fri, Jan 22, 2010 at 7:06 AM, bai haoquan <baihaoquan () gmail com>wrote:
> >
> > >   Hi all,
> > >
> > > I want to install snort-2.8.0 on my Fedora12, but after the "./configure
> > > --prefix=/usr/local/snort/ --with-mysql=/usr/local/mysql/
> > > --enable-dynamicplugin --enable-inline, make, make install", then  I add two
> > > lines
> > >
> > > "dynamicpreprocessor directory
> > > /usr/local/snort/lib/snort_dynamicpreprocessor/
> > >  dynamicengine
> > > /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so"
> > >
> > > in my snort.conf, but when I use commandline "snort -c
> > > /usr/local/snort/etc/snort.conf" to start snort, some erres msg occurd as
> > > below:
> > >    .....
> > >   Loading dynamic preprocessor library
> > > /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so...
> > > done
> > >   Loading dynamic preprocessor library
> > > /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
> > >   Loading dynamic preprocessor library
> > > /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
> > >   Finished Loading all dynamic preprocessor libs from
> > > /usr/local/snort/lib/snort_dynamicpreprocessor/
> > >   ERROR: Failed to initialize dynamic preprocessor: SF_SSLPP version
> > > 1.1.3
> > >
> > >
> > >  I am looking forward to your early reply and thanks very much.
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > Throughout its 18-year history, RSA Conference consistently attracts the
> > > world's best and brightest in the field, creating opportunities for
> > > Conference
> > > attendees to learn about information security's most important issues
> > > through
> > > interactions with peers, luminaries and emerging and established
> > > companies.
> > > http://p.sf.net/sfu/rsaconf-dev2dev
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users