Re: MySQL support for Snort 2.9.4

[Kaya Saman <kayasaman () gmail com>]

On 12/11/2012 01:41 AM, Jeremy Hoel wrote:
> Without looking at the Google's, normally preprocessor errors are 
> missing files.  Look in your snort conf and make sure the paths to the 
> preprocessors are correct.
>
> And if you are using ipv6 addresses make sure you use ipvar vs var in 
> snort conf.

Hmm.... this is interesting.

I reverted my config back from ipvar to var since I'm using IPv4.

The libraries are setup as such:

# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/

# path to base preprocessor engine
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so

# path to dynamic rules libraries
dynamicdetection directory /usr/local/lib/snort_dynamicrules


of which they are all there:

# ls /usr/local/lib | grep snort
snort_dynamicengine
snort_dynamicpreprocessor
snort_dynamicrules


The rules have been setup as such:

var RULE_PATH ./rules
var SO_RULE_PATH ./so_rules
var PREPROC_RULE_PATH ./preproc_rules


All the *rules files and directories reside within /etc/snort/ - I have 
also attempted to put the full dir path too; /etc/snort/rules etc...

- which didn't yield any difference.


I'm not sure what's going on, I don't have anything in the dynamicrules 
or dynamicpreprocessor folders though! Could this be the issue?


Regards,


Kaya


> On Dec 10, 2012 6:16 PM, "Kaya Saman" <kayasaman () gmail com 
> <mailto:kayasaman () gmail com>> wrote:
>
>     On 12/11/2012 01:13 AM, beenph wrote:
> >     On Mon, Dec 10, 2012 at 8:04 PM, Kaya Saman <kayasaman () gmail com
> >     <mailto:kayasaman () gmail com>> wrote:
> >     >
> >
> >     >
> >     > I've just compiled and installed Barnyard2 now and currently
> >     working on
> >     > the integration with snort 2.9.3.1.
> >     >
> >     > I just wonder if I will need to do anything different for my
> >     BASE setup??
> >     >
> >     No, it uses the same schema and should continue to work as expected,
> >     the main difference being that its barnyard2 that feeds the database.
> >     -elz
>
>     Thanks for the response!
>
>     I know I should ask this in a new Subject Heading however I'm
>     getting this error while trying to start Snort:
>
>     ERROR: Failed to initialize dynamic preprocessor: SF_SSLPP (IPV6)
>     version 1.1.4 (-1)
>
>     # snort -V
>
>        ,,_     -*> Snort! <*-
>       o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40)
>        ''''    By Martin Roesch & The Snort Team:
>     http://www.snort.org/snort/snort-team
>                Copyright (C) 1998-2012 Sourcefire, Inc., et al.
>                Using libpcap version 1.3.0
>                Using PCRE version: 8.30 2012-02-04
>                Using ZLIB version: 1.2.3
>
>
>     OS is OpenBSD 5.2 SPARC64
>
>     Am running: snort -T -i trunk0 -c /etc/snort/snort.conf to start snort
>
>
>     Am currently Google'ing it but not getting very far.......
>
>
>     Regards,
>
>
>     Kaya

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!