Snort mailing list archives

Re: ERROR: dynamic detection lib is compiled with an older version of the dynamic engine

From: Mike H <mizelhike () hotmail com>
Date: Sun, 18 Aug 2013 04:00:58 +0000




Thanks for the response Waldo, that did the trick! I delete the rules and Snort runs fine. Seems so obvious now--files 
not compatible==>delete files :)
According to your post this also puts the "newer and proper SO files back in place". I believe you are implying (or at 
least I am inferring) that the latest ruleset comes prepackaged with snort (where are those SO files?).  Ok, makes 
sense--but the user still needs to update the rules at some point.
So, if I am reading that right it means that I can't just go out to http://www.snort.org/snort-rules/, grab the latest 
"Registered User" rules and install them?  That seems odd, am I missing something?
The Snort install instructions explicitly point you to download and install the latest rules, like so:
sudo tar zxvf snortrules-snapshot-2950.tar.gz -C /usr/local/snortsudo mkdir /usr/local/snort/lib/snort_dynamicrulessudo 
cp /usr/local/snort/so_rules/precompiled/Ubuntu-10-4/i386/2.9.5.0/* \/usr/local/snort/lib/snort_dynamicrulessudo touch 
/usr/local/snort/rules/white_list.rulessudo touch /usr/local/snort/rules/black_list.rulessudo ldconfig
But that just takes me back to the same compatibility error below.  I'm sure I am screwing something up here, just not 
sure what.  Any thoughts on how I can get the latest rules from the website loaded?
I was hoping to understand how to do this manually, then move on to installing Pulled Pork.  Appreciate the help!

Date: Sat, 17 Aug 2013 20:48:34 -0400
From: wkitty42 () windstream net
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] ERROR: dynamic detection lib is compiled with an older version of the dynamic engine

On 8/17/2013 13:38, Michael Heard wrote:

ERROR: Dynamic detection lib /usr/local/snort/lib/snort_dynamicrules/nntp.so 1.0
isn't compatible with the current dynamic engine library
/usr/local/snort/lib/snort_dynamicengine/libsf_engine.so 2.1.
The dynamic detection lib is compiled with an older version of the dynamic engine.
Fatal Error, Quitting../

The error seems to indicate that I need a newer dynamic rule set that is
compatible with the dynamicengine I am running.


it is not just the rules set that must be compatible but also the shared so 
dynamic engine files... shut down your snort, and remove the SO files in your 
/usr/local/snort/lib/snort_dynamicengine/ directory... then reinstall snort to 
put the newer and proper SO files back in place... then restart your snort and 
you should be good to go... that is if i have grabbed the proper directory from 
your post where the problem lies...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

ERROR: dynamic detection lib is compiled with an older version of the dynamic engine Michael Heard (Aug 17)
- Re: ERROR: dynamic detection lib is compiled with an older version of the dynamic engine waldo kitty (Aug 17)
  - Re: ERROR: dynamic detection lib is compiled with an older version of the dynamic engine Mike H (Aug 17)
    - Re: ERROR: dynamic detection lib is compiled with an older version of the dynamic engine waldo kitty (Aug 18)
    - Re: ERROR: dynamic detection lib is compiled with an older version of the dynamic engine Mike H (Aug 18)
    - Re: ERROR: dynamic detection lib is compiled with an older version of the dynamic engine waldo kitty (Aug 18)
    - Re: ERROR: dynamic detection lib is compiled with an older version of the dynamic engine Mike H (Aug 18)
    - Re: ERROR: dynamic detection lib is compiled with an older version of the dynamic engine waldo kitty (Aug 18)