Snort mailing list archives
Re: Issue with shared object rules [solved]
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 30 Aug 2013 16:51:00 -0400
Right now, when a new version of Snort is released, non-subscriber users essentially can't use Shared object rules for thirty days. We are going steps to fix this. -- Joel Esler Sent from my iPad On Aug 30, 2013, at 2:14 PM, Anshuman Anil Deshmukh <anshuman () cybage com> wrote:
[Adding solved tag] Hi Joel, Thanks for your help. Just to share some more information on this. I had downloaded snort version 2.9.5 along with below snortrules-snapshot files which were available at the time of the download with Snort package version 2.9.5. There were no other rule files available for download. snortrules-snapshot-2931.tar.gz snortrules-snapshot-2941.tar.gz snortrules-snapshot-2945.tar.gz snortrules-snapshot-2946.tar.gz Initially I had tried using the snortrules version 2946 as it was the only closest match for my version. With this file I was trying to create stub files from the so_rules, but it didn’t worked. Hence only for that reason I had tried to create stub files from the other versions. I had pointed the same thing in my initial e-mail. I was basically looking for the snortrules-snapshot file relevant to my version which was 2.9.5 which was not available on snort.org when I had downloaded the snort package Today after I have seen your mail I just checked the snort.org and what a surprise! I was able to see snortrules file specific to version 2.9.5. Today I downloaded this file and my issue got resolved. One basic question that comes in my mind is why the snortrules-snapshot file specific to version 2.9.5 was not available when snort package 2.9.5. was made available for download. This would really be helpful for new users downloading the snort. I had put more than 2 weeks to figure out what was the problem. Thanks. Regards, Anshuman From: Joel Esler [mailto:jesler () sourcefire com] Sent: Friday, August 30, 2013 2:42 AM To: Anshuman Anil Deshmukh Cc: snort-users@ Subject: Re: [Snort-users] Issue with shared object rules You are using the wrong version of the rules with your version of Snort. That is the answer. They must match. Delete the ones you have, replace them with the correct version. Make sure Snort is reading the correct directory. On Aug 29, 2013, at 3:14 PM, Anshuman Anil Deshmukh <anshuman () cybage com<mailto:anshuman () cybage com>> wrote: Hi, Waiting for a satisfactory reply. I already sent the error. Regards, Anshuman Anil Deshmukh // Information Security-Analyst Phone: 91-20-66041700, 91-20-66044700 (Extn. 6114) Cell: 91-99230-51641 From: Anshuman Anil Deshmukh Sent: Thursday, August 29, 2013 12:38 AM To: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net> Subject: Re: [Snort-users] Issue with shared object rules Hi, Error is same what other users have mentioned in the link specified in my initial mail. I get the following error upon trying to use the precompiled shared libs from either of CentOS-5.4. As said earlier I tried all other versions of SO rules. Error is- "The dynamic detection library "/usr/local/lib/snort_dynamicrules/web-activex.so" version 1.0 compiled with dynamic engine library version 1.17 isn't compatible with the current dynamic engine library. Regards, Anshuman Deshmukh Sent from Google phone Joel Esler <jesler () sourcefire com<mailto:jesler () sourcefire com>> wrote: It helps us tremendously if you paste the error you are getting. https://github.com/vrtadmin/snort-faq/blob/master/Lists/How-do-I-submit-a-good-question.md -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Aug 28, 2013, at 1:30 PM, Anshuman Anil Deshmukh <anshuman () cybage com<mailto:anshuman () cybage com>> wrote: Hi, I tried using SO rules for my version. Even they don't work. I am on Snort version 2.9.5. Even I tried to use the SO rules from all other versions. Outcome is same. Could you please divert me to the correct file which can be used? Thanks. Regards, Anshuman Deshmukh Sent from Google phone JJ Cummings <cummingsj () gmail com<mailto:cummingsj () gmail com>> wrote: You are using different versions... The version of SO rules that shop in the rule pack are designated for _that_ version of snort only... Sent from the iRoad On Aug 28, 2013, at 7:25, Anshuman Anil Deshmukh <anshuman () cybage com<mailto:anshuman () cybage com>> wrote: With reference to the discussion for thread http://seclists.org/snort/2013/q3/36 I was trying to get so_rules worked for the Snort version 2.9.5 (x86_64). I am facing the same issue – “…. isn't compatible with the current dynamic engine library”. The link http://www.snort.org/dl/snort-current/snort-2.9.4.6.tar.gz provided in this discussion thread doesn’t have any so_rules in it. Can anybody in this thread let me know if they were able to resolve the problem of creating stub files on Cent OS 6.4 x86_64? A step-by-step procedure to would help. Thanks. -Anshuman "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com<http://www.cybage.com/> ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news! "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com<http://www.cybage.com/> ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news! "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com<http://www.cybage.com/> ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news! "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Issue with shared object rules [solved] Anshuman Anil Deshmukh (Aug 30)
- Re: Issue with shared object rules [solved] Joel Esler (Aug 30)