Re: Preprocessor issue? can't get new snort to initialize...

[Joel Esler <jesler () sourcefire com>]

That means that you are using a different version of preprocessor with an alternate version of Snort.

That being said, I'd upgrade to 2.9.2.2, as barnyard2 now has snortsam integrated into it.

J

On Mar 29, 2012, at 3:12 PM, Jeff Kell <jeff-kell () utc edu> wrote:

> The new little piggy is driving me nuts....
>
> Fails to initialize, last logged messages:
>
> rpc_decode arguments:
>    Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
>    alert_fragments: INACTIVE
>    alert_large_fragments: INACTIVE
>    alert_incomplete: INACTIVE
>    alert_multiple_requests: INACTIVE
> ERROR: Failed to initialize dynamic preprocessor: SF_DCERPC version 1.1.5 (-1)
> Fatal Error, Quitting..
>
> Previously in the startup it loaded the preprocessors just fine...
>
> Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/...
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
>  Finished Loading all dynamic preprocessor libs from
> /usr/local/lib/snort_dynamicpreprocessor/
>
> This is snort 2.9.1.2 (most recent version with snortsam patch available)...
>
> # snort -V
>
>   ,,_     -*> Snort! <*-
>  o"  )~   Version 2.9.1.2 IPv6 GRE (Build 84)
>   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
>           Using libpcap version 1.1.1
>           Using PCRE version: 6.6 06-Feb-2006
>           Using ZLIB version: 1.2.3
>
>
> Any clues?  Hints?  Clue-bats?  :)
>
> Jeff
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here 
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!