[Snort-devel] dump-dynamic-preproc-genmsg

Steven Sturges steve.sturges at ...402...
Thu Jun 4 10:32:52 EDT 2009


Hi all--

That option was intended to dump an equivalent to gen-msg.map
for any dynamic preprocessors.  However the code was never
completed because the Snort team has been updating that file when
new preprocessor events are added.

To avoid confusion, we'll remove the option going forward.

Cheers
-steve

Jason Wallace wrote:
> This looks like it _may_ be an issue with snort and not the Gentoo ebuild.
> 
> I'm currently using the 2.8.4.1 ebuild on x86 and hardened x86. It
> appears to not be working on my boxes either, so I pulled the 2.8.4.1
> source tarball and installed snort in /usr/local/ so as not to conflict
> with the Gentoo installed version.
> 
> Nothing fancy...
> 
> ./configure
> make
> make install
> 
> I have the following in my snort.conf...
> 
> dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
> 
> just for the record...
> 
> # ls /usr/local/lib/snort_dynamicpreprocessor/
> lib_sfdynamic_preprocessor_example.a         libsf_dcerpc_preproc.a         libsf_ftptelnet_preproc.a         libsf_ssh_preproc.a
> lib_sfdynamic_preprocessor_example.la        libsf_dcerpc_preproc.la        libsf_ftptelnet_preproc.la        libsf_ssh_preproc.la
> lib_sfdynamic_preprocessor_example.so        libsf_dcerpc_preproc.so        libsf_ftptelnet_preproc.so        libsf_ssh_preproc.so
> lib_sfdynamic_preprocessor_example.so.0      libsf_dcerpc_preproc.so.0      libsf_ftptelnet_preproc.so.0      libsf_ssh_preproc.so.0
> lib_sfdynamic_preprocessor_example.so.0.0.0  libsf_dcerpc_preproc.so.0.0.0  libsf_ftptelnet_preproc.so.0.0.0  libsf_ssh_preproc.so.0.0.0
> libsf_dce2_preproc.a                         libsf_dns_preproc.a            libsf_smtp_preproc.a              libsf_ssl_preproc.a
> libsf_dce2_preproc.la                        libsf_dns_preproc.la           libsf_smtp_preproc.la             libsf_ssl_preproc.la
> libsf_dce2_preproc.so                        libsf_dns_preproc.so           libsf_smtp_preproc.so             libsf_ssl_preproc.so
> libsf_dce2_preproc.so.0                      libsf_dns_preproc.so.0         libsf_smtp_preproc.so.0           libsf_ssl_preproc.so.0
> libsf_dce2_preproc.so.0.0.0                  libsf_dns_preproc.so.0.0.0     libsf_smtp_preproc.so.0.0.0       libsf_ssl_preproc.so.0.0.0
> 
> Then I tried...
> mkdir /etc/snort/temp/
> /usr/local/bin/snort -c /etc/snort/snort.conf --dump-dynamic-preproc-genmsg /etc/snort/temp/
> 
> The above does NOT produce a gen-msg.map, so I think this may be an
> issue with snort and not the ebuild. It appears to "hang", but
> actually it is starting the service. Doing a ctrl-c shows capture
> stats that show traffic was being captured.
> 
> I also tried...
> 
> /usr/local/bin/snort -T -c /etc/snort/snort.conf --dump-dynamic-preproc-genmsg /etc/snort/temp/
> 
> This also does NOT produce a gen-msg.map either, but it does not "hang".
> 
> Can anyone confirm that this is or is not working on other distros?
> 
> Wally
> 
> 
> 
> 
> On Thu, Jun 4, 2009 at 4:56 AM, Zultan <zultan at ...1817...> wrote:
>> --dump-dynamic-preproc-genmsg does not appear to work.
>>
>> Running:
>> snort -c /etc/snort/snort.conf --dump-dynamic-preproc-genmsg ./dir
>>
>> It spews out all the stats and then hangs at the end.  Nothing goes into ./dir
>>
>> Fails on Gentoo x86 and on Gentoo Hardened x86-64
>>
>> Here's the final lines.
>>
>> Z
>>
>>
>>
>>        --== Initialization Complete ==--
>>
>>   ,,_     -*> Snort! <*-
>>  o"  )~   Version 2.8.4.1 (Build 38)
>>   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
>>           Copyright (C) 1998-2009 Sourcefire, Inc., et al.
>>           Using PCRE version: 7.8 2008-09-05
>>
>>           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.10  <Build 16>
>>           Rules Object: chat  Version 1.0  <Build 1>
>>           Rules Object: imap  Version 1.0  <Build 1>
>>           Rules Object: sql  Version 1.0  <Build 1>
>>           Rules Object: bad-traffic  Version 1.0  <Build 1>
>>           Rules Object: nntp  Version 1.0  <Build 1>
>>           Rules Object: netbios  Version 1.0  <Build 1>
>>           Rules Object: p2p  Version 1.0  <Build 1>
>>           Rules Object: web-client  Version 1.0  <Build 1>
>>           Rules Object: dos  Version 1.0  <Build 1>
>>           Rules Object: misc  Version 1.0  <Build 1>
>>           Rules Object: exploit  Version 1.0  <Build 1>
>>           Rules Object: smtp  Version 1.0  <Build 1>
>>           Rules Object: multimedia  Version 1.0  <Build 1>
>>           Rules Object: web-misc  Version 1.0  <Build 1>
>>           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 2>
>>           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 11>
>>           Preprocessor Object: SF_SSH  Version 1.1  <Build 1>
>>           Preprocessor Object: SF_DCERPC  Version 1.1  <Build 4>
>>           Preprocessor Object: SF_DNS  Version 1.1  <Build 2>
>>           Preprocessor Object: SF_SMTP  Version 1.1  <Build 7>
>>           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 1>
>> Not Using PCAP_FRAMES
>> Not Using PCAP_MEMORY
>>
>>
>>
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
> 



