Snort mailing list archives
Re: Update from v2.8.5.1 to v2.8.5.3 (rpm) = FAIL
From: "Chan, Wilson" <wchan () honolulu gov>
Date: Thu, 18 Feb 2010 10:01:45 -1000
Thanks Matt for pointing that out. From the output below there is a section in the snort.conf that defines the
directories for the preprocessors. After changing that the sensor is working again. :)
[root@snort-test snort]# snort -c snort.conf
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "snort.conf"
PortVar 'HTTP_PORTS' defined : [ 80 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1521 ]
PortVar 'FTP_PORTS' defined : [ 21 ]
ERROR: ../../src/parser.c(5050) Could not stat dynamic module path "/usr/lib/snort-2.8.5_dynamicpreprocessor/": No such file or directory.
Fatal Error, Quitting..
[root@snort-test snort]# ls /usr/lib/snort*
/usr/lib/snort-2.8.5.3_dynamicengine:
libsf_engine.so libsf_engine.so.0
/usr/lib/snort-2.8.5.3_dynamicpreprocessor:
libsf_dce2_preproc.so libsf_dcerpc_preproc.so.0 libsf_ftptelnet_preproc.so libsf_smtp_preproc.so.0 libsf_ssl_preproc.so
libsf_dce2_preproc.so.0 libsf_dns_preproc.so libsf_ftptelnet_preproc.so.0 libsf_ssh_preproc.so libsf_ssl_preproc.so.0
libsf_dcerpc_preproc.so libsf_dns_preproc.so.0 libsf_smtp_preproc.so libsf_ssh_preproc.so.0
[root@snort-test snort]#
[root@snort-test snort]# grep snort-2.8.5_dynamicpreprocessor *
snort.conf:dynamicpreprocessor directory /usr/lib/snort-2.8.5_dynamicpreprocessor/
snort.conf.bk:dynamicpreprocessor directory /usr/lib/snort-2.8.5_dynamicpreprocessor/
Wilson
-----Original Message-----
From: Matt Olney [mailto:molney () sourcefire com]
Sent: Wednesday, February 17, 2010 5:52 PM
To: Chan, Wilson
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Update from v2.8.5.1 to v2.8.5.3 (rpm) = FAIL
Not sure if this is it, but the error:
Could not stat dynamic module path
"/usr/lib/snort-2.8.5_dynamicpreprocessor/": No such file or
directory.
Does not match your directory for your ls:
[root@snort-test- snort]# cd /usr/lib/snort-2.8.5.3_dynamicpreprocessor/
On Wed, Feb 17, 2010 at 10:30 PM, Chan, Wilson <wchan () honolulu gov> wrote:
Just updated one of my CentOS boxes running snort-2.8.5.1.RH5.i386.rpm & snort-mysql-2.8.5.1.RH5.i386.rpm to the latest v2.8.5.3 and now the sensor won't run. It seems to be missing some files in the dynamicpreprocessor. Any ideas?
[root@snort-test- snort]# snort -c snort.conf
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "snort.conf"
PortVar 'HTTP_PORTS' defined : [ 80 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1521 ]
PortVar 'FTP_PORTS' defined : [ 21 ]
ERROR: ../../src/parser.c(5050) Could not stat dynamic module path "/usr/lib/snort-2.8.5_dynamicpreprocessor/": No such file or directory.
Fatal Error, Quitting..
[root@snort-test- snort]# cd /usr/lib/snort-2.8.5.3_dynamicpreprocessor/
[root@snort-test- snort-2.8.5.3_dynamicpreprocessor]# ls
libsf_dce2_preproc.so libsf_dns_preproc.so libsf_smtp_preproc.so libsf_ssl_preproc.so
libsf_dce2_preproc.so.0 libsf_dns_preproc.so.0 libsf_smtp_preproc.so.0 libsf_ssl_preproc.so.0
libsf_dcerpc_preproc.so libsf_ftptelnet_preproc.so libsf_ssh_preproc.so
libsf_dcerpc_preproc.so.0 libsf_ftptelnet_preproc.so.0 libsf_ssh_preproc.so.0
Thanks!
Wilson
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
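The check this thread arrives at by hand (grep the config for its dynamic module paths, then compare with what is on disk), as an added example that is not part of the original posts. The function name `check_dynamic_paths` and the temporary sample tree are constructed for illustration; the script assumes paths without whitespace and covers the `dynamicpreprocessor`, `dynamicengine` and `dynamicdetection` directives.

```shell
#!/bin/sh
# Added example (not from the thread): report dynamic-module paths named in a
# snort.conf that do not exist on disk. Assumes paths contain no whitespace.
check_dynamic_paths() {
    conf=$1
    missing=0
    # Strip comments, then emit "<line> <kind> <path>" for each directive.
    # "dynamicengine <path>" without a keyword names a single library file.
    directives=$(awk '
        { sub(/#.*/, "") }
        $1 ~ /^dynamic(preprocessor|engine|detection)$/ {
            if ($2 == "directory" || $2 == "file") print NR, $2, $3
            else if ($2 != "") print NR, "file", $2
        }' "$conf")
    while read -r lineno kind path; do
        [ -n "$path" ] || continue
        if [ "$kind" = directory ] && [ -d "$path" ]; then continue; fi
        if [ "$kind" = file ] && [ -f "$path" ]; then continue; fi
        echo "$conf:$lineno: $kind not found: $path"
        missing=$((missing + 1))
        # After a package upgrade the modules may still exist under a new
        # versioned name, so list same-pattern sibling directories.
        if [ "$kind" = directory ]; then
            ls -d "$(dirname "$path")"/snort*_dynamic* 2>/dev/null |
                sed 's/^/    candidate: /'
        fi
    done <<EOF
$directives
EOF
    [ "$missing" -eq 0 ]   # exit status 0 only when every path exists
}

# Constructed sample mirroring the thread: the config still names the
# 2.8.5 directory while only the 2.8.5.3 directory exists on disk.
demo=$(mktemp -d)
mkdir -p "$demo/lib/snort-2.8.5.3_dynamicpreprocessor"
cat > "$demo/snort.conf" <<EOF
dynamicpreprocessor directory $demo/lib/snort-2.8.5_dynamicpreprocessor/
EOF
check_dynamic_paths "$demo/snort.conf" || echo "stale dynamic module path(s) found"
rm -rf "$demo"
```

Run against the real file as `check_dynamic_paths /etc/snort/snort.conf` (path assumed) after each package upgrade and before restarting the sensor.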
