Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort 2.9.2.2 undefined symbols, and no data

From: Jeffrey Jilg <jjilg () fisoc com>
Date: Thu, 23 Aug 2012 14:35:16 -0500
Hi

Thanks in advance to anyone who helps on this. I'll gladly provide any data
that can be used to debug this. Other Ossim (free) users are having similar
issues.

I'm trying to get Snort working in the current Ossim distribution on Debian
linux.
Version 2.9.2.2 IPv6 GRE (Build 121)
installed within a VM in VirtualBox

The external issue is that no data is produced, as exhibited by empty logs
in /var/log/snort.
It appears that a library is incorrect or not loading properly.

Starting snort produces the following
prompt /etc/init.d#   /etc/init.d/snort_eth0 start
Starting Network Intrusion Detection System : snort_eth0 (eth0 using
/etc/snort/snort.eth0.conf/usr/lib/preloadable_libintl.so: dlsym:
/usr/lib/preloadable_libintl.so: undefined symbol: DAQ_MODULE_DATA
/usr/lib/libgettextpo.so: dlsym: /usr/lib/libgettextpo.so: undefined
symbol: DAQ_MODULE_DATA
/usr/lib/libcrypt.so: dlsym: /usr/lib/libcrypt.so: undefined symbol:
DAQ_MODULE_DATA
/usr/lib/libanl.so: dlsym: /usr/lib/libanl.so: undefined symbol:
DAQ_MODULE_DATA
...
etc....long list of undefined symbols
Available DAQ modules:
pfring(v1): live inline multi unpriv
pcap(v3): readback live multi unpriv
ipfw(v2): live inline multi unpriv
dump(v1): readback live inline multi unpriv
afpacket(v4): live inline multi unpriv

also
alienvault:/usr/lib# ls -al *pfr*
-rw-r--r-- 1 root root  12800 Jun  8 04:50 daq_pfring.so
-rw-r--r-- 1 root root 308480 Jan 26  2012 libpcap_pfring.so.1.1.1
-rw-r--r-- 1 root root 126536 Jun  6 08:11 libpfring.so

alienvault:/usr/lib# ls -al *pcap*
lrwxrwxrwx 1 root root     16 Aug 22 21:34 libpcap.so.0.8 ->
libpcap.so.1.1.1
lrwxrwxrwx 1 root root     23 Aug  6 16:40 libpcap.so.1 ->
libpcap_pfring.so.1.1.1
-rw-r--r-- 1 root root 217440 Jul 10  2011 libpcap.so.1.1.1
-rw-r--r-- 1 root root 308480 Jan 26  2012 libpcap_pfring.so.1.1.1

--end of data--

thanks,
Jeff J

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: