Snort mailing list archives

Re: After updating preprocessors trouble.


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Fri, 13 Nov 2015 17:22:29 +0000

This generally means that you have an older version of Snort preprocessor installed with a newer version of Snort.

You need to uninstall the old version of Snort and its preprocessors before you attempt to run the new one.
--
Joel Esler
Manager, Talos Group




On Nov 13, 2015, at 1:03 AM, Oleg Ruso <soy_siberiano () yahoo com> wrote:

Hi List.
-------------------------
snort-2.9.7.6
Name           : snort
Version        : 2.9.7.6
Architecture   : freebsd:9:x86:64
...
Options        :
        APPID          : off
        BARNYARD       : on
        DBGSNORT       : off
        DOCS           : on
        FILEINSPECT    : on
        GRE            : on
        HA             : off
        IPV6           : off
        LRGPCAP        : off
        NONETHER       : off
        NORMALIZER     : on
        PERFPROFILE    : on
        PULLEDPORK     : on
        SOURCEFIRE     : on
Shared Libs required:
        libpcre.so.1
        libsfbpf.so.0
        libcrypto.so.8
        libdnet.so.1
Shared Libs provided:
        libsf_dce2_preproc.so.0
        libsf_engine.so.0
        libsf_sdf_preproc.so.0
        libsf_pop_preproc.so.0
        libsf_ssl_preproc.so.0
        libsf_modbus_preproc.so.0
        libsf_file_preproc.so.0
        libsf_dns_preproc.so.0
        libsf_ssh_preproc.so.0
        libsf_reputation_preproc.so.0
        libsf_smtp_preproc.so.0
        libsf_gtp_preproc.so.0
        libsf_imap_preproc.so.0
        libsf_ftptelnet_preproc.so.0
        libsf_dnp3_preproc.so.0
        libsf_sip_preproc.so.0
----------------------------------------------------

After updating, I got a problem with preprocessors.

1. Start:
snort -T -c /usr/local/etc/snort/snort.conf
Got an error
-----------------
ERROR size 1152 != 1128
ERROR: Failed to initialize dynamic preprocessor: APPID version 1.1.4 (-2)
---------------
It was a conflict with the old preprocessor libraries version.
I deleted all files from the dynamicpreprocessor directory /usr/local/lib/snort/dynamic_preproc
and then reinstalled Snort (from port).

And now I have only one file in the dynamicpreprocessor directory.

-rw-r--r--  1 root  wheel   110k 11 ноя 16:43 libsf_dynamic_preproc.a

2. The consequence is that I can't start the preprocessors
dns, ssh, dcerpc2, dcerpc2_server

An error example:
ERROR: /usr/local/etc/snort/snort.conf(150) Unknown preprocessor: "dns".

I checked the config file carefully; it has no errors.

Where can I find the missing libraries for snort-2.9.7.6? Or what other reason could there be?
Thanks.


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
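
A check for the situation in this thread, as an added example that is not part of the original messages: it reads the `preprocessor` lines of a snort.conf and reports those whose shared library is absent from the dynamic preprocessor directory. The keyword-to-library mapping covers only the four preprocessors named in the post and is taken from its "Shared Libs provided" listing; the function names, the sample snort.conf and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Library base name for a snort.conf preprocessor keyword
# (only the four preprocessors named in the post are mapped).
lib_for_preproc() {
    case "$1" in
        dns)                    echo libsf_dns_preproc ;;
        ssh)                    echo libsf_ssh_preproc ;;
        dcerpc2|dcerpc2_server) echo libsf_dce2_preproc ;;
        *)                      return 1 ;;   # built in, or not covered here
    esac
}

# Print "keyword:library" for every preprocessor configured in conf ($1)
# whose shared object is not present in the preprocessor directory ($2).
missing_preprocs() {
    conf=$1 dir=$2
    sed -n 's/^[[:space:]]*preprocessor[[:space:]]\{1,\}\([A-Za-z0-9_]*\).*/\1/p' "$conf" |
    LC_ALL=C sort -u |
    while read -r name; do
        lib=$(lib_for_preproc "$name") || continue
        # Only .so files count; a lone static .a archive does not satisfy the check.
        ls "$dir/$lib".so* >/dev/null 2>&1 || echo "$name:$lib"
    done
}

# Constructed sample: a directory holding the static archive plus one
# shared object, and a four-preprocessor config (not the poster's files).
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/dynamic_preproc"
    : > "$tmp/dynamic_preproc/libsf_dynamic_preproc.a"
    : > "$tmp/dynamic_preproc/libsf_ssh_preproc.so.0"
    cat > "$tmp/snort.conf" <<'EOF'
preprocessor frag3_global: max_frags 65536
preprocessor dns: ports { 53 } enable_rdata_overflow
preprocessor ssh: server_ports { 22 }
preprocessor dcerpc2: memcap 102400
preprocessor dcerpc2_server: default, policy WinXP
EOF
    missing_preprocs "$tmp/snort.conf" "$tmp/dynamic_preproc"
    rm -rf "$tmp"
}
demo
```

Run against a real installation, `missing_preprocs` takes the path to snort.conf and the directory named by its `dynamicpreprocessor directory` line.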
