Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unable to use dynamicrules on CentOS 6.4 x86_64

From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 05 Jul 2013 08:17:56 -0400
On 7/5/2013 05:47, Jaspal wrote:

Hi,

I am trying to use the dynamic rules present in snort-rules-snapshot-2495 with
snort-2.9.5 on a CentOS 6.4 x86_64 Amazon EC2 VM.


is this "snort-2.9.5" a typo? if not, then that's part of your problem... in 
many cases you cannot mix rules for one version of snort with a different 
version of snort... the dynamic rules are definitely an example of this...


I have compiled daq and snort from source. Used libdnet and libdnet-devel from
the rpm repo.


does not matter in this case...


I get the following error upon trying to use the precompiled shared libs from
either of RHEL-6.0 or CentOS-5.4 :
"The dynamic detection library
"/usr/local/lib/snort_dynamicrules/web-activex.so" version 1.0 compiled with
dynamic engine library version 1.17 isn't compatible with the current dynamic
engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.0"


this tells you exactly what the error is and where...


Both the snort-rules and snort are compiled from the latest sources.
It looks like a version mismatch. But where exactly ?


inside the compiled so rules file(s)... the above message tells you that the 
version 1.0 of web-activex.so compiled with dynamic engine library 1.17  is not 
compatible with the current dynamic engine library 2.0...


Or is there a way to compile the shared libs and use them ?


yes but i'm not familiar with how to do it... someone else will have to speak on 
this...


Also, why does snort provide precompiled shared libs for CentOS-6.x ?


someone else will have to speak on this, too...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: