[Snort-devel] Can't start preprocessors after updating

Oleg Ruso soy_siberiano at ...398...
Mon Nov 16 09:51:52 EST 2015


Hi List.
-------------------------
snort-2.9.7.6
Name           : snort
Version        : 2.9.7.6
Architecture   : freebsd:9:x86:64
...
Options        :
        APPID          : off
        BARNYARD       : on
        DBGSNORT       : off
        DOCS           : on
        FILEINSPECT    : on
        GRE            : on
        HA             : off
        IPV6           : off
        LRGPCAP        : off
        NONETHER       : off
        NORMALIZER     : on
        PERFPROFILE    : on
        PULLEDPORK     : on
        SOURCEFIRE     : on
Shared Libs required:
        libpcre.so.1
        libsfbpf.so.0
        libcrypto.so.8
        libdnet.so.1
Shared Libs provided:
        libsf_dce2_preproc.so.0
        libsf_engine.so.0
        libsf_sdf_preproc.so.0
        libsf_pop_preproc.so.0
        libsf_ssl_preproc.so.0
        libsf_modbus_preproc.so.0
        libsf_file_preproc.so.0
        libsf_dns_preproc.so.0
        libsf_ssh_preproc.so.0
        libsf_reputation_preproc.so.0
        libsf_smtp_preproc.so.0
        libsf_gtp_preproc.so.0
        libsf_imap_preproc.so.0
        libsf_ftptelnet_preproc.so.0
        libsf_dnp3_preproc.so.0
        libsf_sip_preproc.so.0
----------------------------------------------------

After updating, I got a problem with the preprocessors.

1. Start:
snort -T -c /usr/local/etc/snort/snort.conf
Got an error
-----------------
ERROR size 1152 != 1128
ERROR: Failed to initialize dynamic preprocessor: APPID version 1.1.4 (-2)
---------------
It was a conflict with an old version of the preprocessor libraries.
I deleted all files from the dynamicpreprocessor directory /usr/local/lib/snort/dynamic_preproc
and then reinstalled Snort (from the port).

And now I have only one file in the dynamicpreprocessor directory.
-rw-r--r--  1 root  wheel   110k 11 ноя 16:43 libsf_dynamic_preproc.a
2. The consequence is that I can't start the preprocessors
dns, ssh, dcerpc2, dcerpc2_server

An error example:
ERROR: /usr/local/etc/snort/snort.conf(150) Unknown preprocessor: "dns".
I checked the config file carefully; it has no errors.

Where can I find the missing libraries for snort-2.9.7.6? Or what other reason could there be?
Thanks.