[Snort-openappid] APPID is switched off, but returns an starting error

Mike Stepanek (mstepane) mstepane at ...5...
Mon Nov 9 08:27:23 EST 2015


Errors like that generally indicate a version mismatch between Snort and the dynamic preprocessors.  One of the very first things Snort does when it loads a preprocessor is check for API compatibility between the two.  If there's a mismatch (size/version/etc), it's a fatal error.  Have you been doing Snort builds with AppID enabled and disabled?  You may want to try cleaning up your "dynamicpreprocessor directory" and reinstalling.

- Mike Stepanek
   mstepane at ...5...

From: Oleg Ruso [mailto:soy_siberiano at ...36...]
Sent: Sunday, November 08, 2015 8:23 AM
To: snort-openappid at lists.sourceforge.net
Subject: [Snort-openappid] APPID is switched off, but returns an starting error

Hi List.
Got some trouble - the Snort does not starting
--------------------------------------------------
snort-2.9.7.6
Name           : snort
Version        : 2.9.7.6
Architecture   : freebsd:9:x86:64
...
Options        :
        APPID          : off
        BARNYARD       : on
        DBGSNORT       : off
        DOCS           : on
        FILEINSPECT    : on
        GRE            : on
        HA             : off
        IPV6           : off
        LRGPCAP        : off
        NONETHER       : off
        NORMALIZER     : on
        PERFPROFILE    : on
        PULLEDPORK     : on
        SOURCEFIRE     : on
Shared Libs required:
        libpcre.so.1
        libsfbpf.so.0
        libcrypto.so.8
        libdnet.so.1
Shared Libs provided:
        libsf_dce2_preproc.so.0
        libsf_engine.so.0
        libsf_sdf_preproc.so.0
        libsf_pop_preproc.so.0
        libsf_ssl_preproc.so.0
        libsf_modbus_preproc.so.0
        libsf_file_preproc.so.0
        libsf_dns_preproc.so.0
        libsf_ssh_preproc.so.0
        libsf_reputation_preproc.so.0
        libsf_smtp_preproc.so.0
        libsf_gtp_preproc.so.0
        libsf_imap_preproc.so.0
        libsf_ftptelnet_preproc.so.0
        libsf_dnp3_preproc.so.0
        libsf_sip_preproc.so.0
Annotations    :
        cpe            : cpe:2.3:a:snort:snort:2.9.7.6:::::freebsd9:x64
Flat size      : 7.39MiB
=========================================================
Start:
snort -T -c /usr/local/etc/snort/snort.conf
Got an error
-----------------
ERROR size 1152 != 1128
ERROR: Failed to initialize dynamic preprocessor: APPID version 1.1.4 (-2)
----------------

But the APPID is switched off.....

What i have to do? Any ideas?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20151109/b71ac763/attachment.html>


More information about the Snort-openappid mailing list