Snort mailing list archives

Re: undefined symbol: LibVersion error

From: David Holder <david.holder () gmail com>
Date: Fri, 16 Apr 2010 16:58:55 +0100

Hi JJ,

Thanks for your reply, I can now run it.

However, I've come across a different problem now. Everything seems to
indicate that snort is working fine, but nothing is being logged into the
MYSQL database. I've added the following into my snort.conf:

output database: log, mysql, user=snort password=MyDBPassword dbname=snort
host=localhost

Base is reporting no information:

Sensors/Total: 0 / 1
Unique Alerts: 0
Categories: 0
Total Number of Alerts: 0

    * Src IP addrs: 0
    * Dest. IP addrs: 0
    * Unique IP links 0

If I try and run snort without Daemon mode I get the following output:

Initializing Network Interface eth0
Decoding Ethernet on interface eth0
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snort
database:  database name = snort
database:    sensor name = 192.168.202.239
database:      sensor id = 1
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

eth0 is the correct name. Although the last thing to come from terminal is:

Not Using PCAP_FRAMES.

I've run snort -DEV and I can see the traffic being analysed, so there is
something there to log.

Any help would be appreciated.

Thanks,

On Fri, Apr 16, 2010 at 4:19 PM, JJ Cummings <cummingsj () gmail com> wrote:

Delete all of the *example* rules that are in
/usr/local/lib/snort_dynamicrules/



On Fri, Apr 16, 2010 at 9:14 AM, David Holder <david.holder () gmail com>wrote:

Hi all,

I installed Snort yesterday and configured it based on the guide provided
on the ubuntu forums : http://ubuntuforums.org/showthread.php?t=919472

I'm running ubuntu 9.10 server edition and the latest version of Snort and
BASE.

I've managed to configure the database, permissions, snort.conf but when I
try and launch snort like so:

snort -c /etc/snort/snort.conf

I get the following:

root@snort:~# snort -c /etc/snort/snort.conf
Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80 1220 2301 3128 7777 7779 8000 8008
8028 8080 8180 8888 9999 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1521 ]
Detection:
   Search-Method = AC-BNFA-Q
Tagged Packet Limit: 256
Loading dynamic engine
/usr/local/lib/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic detection libs from
/usr/local/lib/snort_dynamicrules...
  Loading dynamic detection library
/usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so... ERROR:
Failed to find LibVersion() function in
/usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so:
/usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so: undefined
symbol: LibVersion
Fatal Error, Quitting..

Does anyone have any idea how I can resolve this issue?

Thanks,

David


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

undefined symbol: LibVersion error David Holder (Apr 16)
- Re: undefined symbol: LibVersion error JJ Cummings (Apr 16)
  - Re: undefined symbol: LibVersion error David Holder (Apr 16)
    - Re: undefined symbol: LibVersion error JJ Cummings (Apr 16)
    - Re: undefined symbol: LibVersion error David Holder (Apr 18)
    - Re: undefined symbol: LibVersion error Richard Bejtlich (Apr 18)
    - Re: undefined symbol: LibVersion error JJ Cummings (Apr 18)