Snort mailing list archives

Previous By Date Next
Previous By Thread Next

can`t to start preprocessors after updating

From: Oleg Ruso <soy_siberiano () yahoo com>
Date: Mon, 16 Nov 2015 12:24:11 +0000 (UTC)
Hi List.-------------------------
snort-2.9.7.6
Name           : snort
Version        : 2.9.7.6
Architecture   : freebsd:9:x86:64
...
Options        :
        APPID          : off
        BARNYARD       : on
        DBGSNORT       : off
        DOCS           : on
        FILEINSPECT    : on
        GRE            : on
        HA             : off
        IPV6           : off
        LRGPCAP        : off
        NONETHER       : off
        NORMALIZER     : on
        PERFPROFILE    : on
        PULLEDPORK     : on
        SOURCEFIRE     : on
Shared Libs required:
        libpcre.so.1
        libsfbpf.so.0
        libcrypto.so.8
        libdnet.so.1
Shared Libs provided:
        libsf_dce2_preproc.so.0
        libsf_engine.so.0
        libsf_sdf_preproc.so.0
        libsf_pop_preproc.so.0
        libsf_ssl_preproc.so.0
        libsf_modbus_preproc.so.0
        libsf_file_preproc.so.0
        libsf_dns_preproc.so.0
        libsf_ssh_preproc.so.0
        libsf_reputation_preproc.so.0
        libsf_smtp_preproc.so.0
        libsf_gtp_preproc.so.0
        libsf_imap_preproc.so.0
        libsf_ftptelnet_preproc.so.0
        libsf_dnp3_preproc.so.0
        libsf_sip_preproc.so.0---------------------------------------------------- 

After the updating, got a problem with  preprocessors.

1. Start:
snort -T -c /usr/local/etc/snort/snort.conf
Got an error
-----------------
ERROR size 1152 != 1128
ERROR: Failed to initialize dynamic preprocessor: APPID version 1.1.4 (-2)
---------------
it was a conflict with an  old preprocessors libraries version. 
I deleted all files from the 

dynamicpreprocessor directory /usr/local/lib/snort/dynamic_preproc
and then, reinstalled Snort.(from port)

And now, got only one file in the dynamicpreprocessor directory.
-rw-r--r--  1 root  wheel   110k 11 ноя 16:43 libsf_dynamic_preproc.a
2.The consequence are - can`t to start preprocessors 
dns, ssh, dcerpc2, dcerpc2_server

En error example 
ERROR: /usr/local/etc/snort/snort.conf(150) Unknown preprocessor: "dns".
I  checked the config file carefully, has not some errors.  

 Where to find missing libraries for snort-2.9.7.6 ? Or what another reason can be?
Thanks.

------------------------------------------------------------------------------
Presto, an open source distributed SQL query engine for big data, initially
developed by Facebook, enables you to easily query your data on Hadoop in a 
more interactive manner. Teradata is also now providing full enterprise
support for Presto. Download a free open source copy now.
http://pubads.g.doubleclick.net/gampad/clk?id=250295911&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: