Snort mailing list archives

Re: service snortd start failure


From: Tal Bar-Or <tbaror () gmail com>
Date: Wed, 9 May 2012 08:06:04 +0300

Hi Jag,

I ran the requested command and it seems OK:

[ Port Based Pattern Matching Memory ]
+- [ Aho-Corasick Summary ] -------------------------------------
| Storage Format    : Full-Q
| Finite Automaton  : DFA
| Alphabet Size     : 256 Chars
| Sizeof State      : Variable (1,2,4 bytes)
| Instances         : 192
|     1 byte states : 177
|     2 byte states : 15
|     4 byte states : 0
| Characters        : 89143
| States            : 60717
| Transitions       : 4199371
| State Density     : 27.0%
| Patterns          : 5193
| Match States      : 4804
| Memory (MB)       : 31.36
|   Patterns        : 0.57
|   Match Lists     : 1.12
|   DFA
|     1 byte states : 1.06
|     2 byte states : 28.25
|     4 byte states : 0.00
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 1336 ]

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2.2 IPv6 GRE (Build 121)
   ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using libpcap version 1.2.1
           Using PCRE version: 8.30 2012-02-04
           Using ZLIB version: 1.2.3

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.15  <Build 18>
           Preprocessor Object: SF_GTP (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SSLPP (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_REPUTATION (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_FTPTELNET (IPV6)  Version 1.2  <Build 13>
           Preprocessor Object: SF_DNP3 (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_DCERPC2 (IPV6)  Version 1.0  <Build 3>
           Preprocessor Object: SF_SMTP (IPV6)  Version 1.1  <Build 9>
           Preprocessor Object: SF_SIP (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_IMAP (IPV6)  Version 1.0  <Build 1>
           Preprocessor Object: SF_SDF (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SSH (IPV6)  Version 1.1  <Build 3>
           Preprocessor Object: SF_MODBUS (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_DNS (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_POP (IPV6)  Version 1.0  <Build 1>

Snort successfully validated the configuration!
Snort exiting


Hi all

@ Tal Bar-or. To test changes to snort.conf I run the following - try that:
                snort -c /etc/snort/snort.conf -T
In your post you have specified -i, which is for putting snort in Packet
Sniffing mode; -c is for intrusion sensing.
What mode are you attempting to get working?
I hope this helps.  Regards

Jag Mander



---------- Forwarded message ----------
From: Tal Bar-Or <tbaror () gmail com>
Date: Tue, May 8, 2012 at 5:10 PM
Subject: service snortd start failure
To: Snort-users () lists sourceforge net


Hello All,
I have installed Snort 2.9.2.2 on CentOS 6.2 x_64; I have also set
the environment rule etc.
Now when I start the snort service I get the following errors:

service snortd start
Starting snort: ERROR size 784 != 856

Looking also into the /var/log/messages log, I have:

FATAL ERROR: Failed to initialize dynamic preprocessor: SF_GTP (IPV6) version 1.1.1 (-2)

In addition, I did try testing at the shell command; the test run works perfectly.

snort -c /etc/snort/snort.conf -i eth0

I really don't know where the issue is; if someone has tackled this lately,
could you share info?
Please advise.

Thanks


-- 
Tal Bar-or
