[Snort-users] Dynamic Preprocessor Errors

Matthew Watchinski mwatchinski at ...1935...
Mon Jan 29 10:44:08 EST 2007


Seems like a lot of people are having problems with this, so here's a
snippet from my snort.conf that might help.

###################################################
# Step #2: Configure dynamic loaded libraries
#
# If snort was configured to use dynamically loaded libraries,
# those libraries can be loaded here.
#
# Each of the following configuration options can be done via
# the command line as well.
#
# Load all dynamic preprocessors from the install path
# (same as command line option --dynamic-preprocessor-lib-dir)
#
# IMPORTANT READ the FOLLOWING
#
#
# Additionally if you are on Mac OSX you must read and follow the
# Instructions in doc/INSTALL when compiling.  If you don't
# you will get a snort that exits with a "bus error"
# Frustration will ensue.
#
# If your dynamic-preprocessors dir does not contain .so files you
# have to do the following
#
# cd /usr/local/lib/snort_dynamicpreprocessor
#
# ln -s libsf_ftptelnet_preproc.so.0.0 libsf_ftptelnet_preproc.so
# ln -s libsf_dcerpc_preproc.so.0.0 libsf_dcerpc_preproc.so
# ln -s libsf_smtp_preproc.so.0.0 libsf_smtp_preproc.so
# ln -s libsf_dns_preproc.so.0.0 libsf_dns_preproc.so
# ln -s libsf_ssh_preproc.so.0.0 libsf_ssh_preproc.so
#
# This is all on one line, if email word wraps fix it.
# Additionally you have to have the fully qualified path
#
# Replace /usr/local/lib/snort_dynamicpreprocessor with
# whatever the fully qualified path is to your .so files.
#
dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so
dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so
dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so

dynamicengine /usr/local/lib/snort_dynamicpreprocessor/libsf_engine.so

######## END SNIPPET ###########

Hope that helps.

Cheers,
-matt


info+lucretia.ca wrote:
> Hello.
> 
> I'm trying to build 2.7.0.beta1 on Ubuntu 6.06.  So far things are working
> well, except when I attempt to turn on the dynamic preprocessors.
> 
> I encountered an ID error when I simply uncommented them so I added some
> text to make them look like the command line counterparts.  I'm not certain
> whether they work from the command line, as I'm not interested in starting
> them this way.
> 
> Starting snort with 'sudo' using the one and only parameter:  '-c
> /etc/snort/snort.conf' I get the following output:
> 
>   ERROR: /etc/snort/snort.conf(539): Bad rule in rules file
> 
> This line contains:
> 
>   dynamic-preprocessor-lib /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
> 
> I get this error with any dynamic preprocessor enabled in snort.conf.
> 
> I've reviewed the documentation and could find nothing indicating the
> correct format for the 'dynamic-*' options for snort.conf (the command line
> is well documented...) and I reviewed the list and forums with no luck on a
> solution.
> 
> Cheers,
> 
> 
> James Friesen, CIO
> Lucretia Enterprises
> Our World Is Here
> info at lucretia dot ca
> http://lucretia.ca
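
The symlink step and the one-line `dynamicpreprocessor file` directives from the snippet above, as an added example that is not part of the original message. The helper name `link_preprocs` and its argument handling are assumptions; pass it whatever directory holds your preprocessor libraries.

```shell
#!/bin/sh
# Added example, not from the original post. link_preprocs is a hypothetical helper.
# Usage: sh link_preprocs.sh /usr/local/lib/snort_dynamicpreprocessor >> snippet.conf

link_preprocs() {
    # Resolve to an absolute path: snort.conf needs the fully qualified path.
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "no such directory: $1" >&2
        return 1
    }

    # Pass 1: for each versioned library (libsf_*_preproc.so.0.0 in the post),
    # create the unversioned .so link if it is missing or dangling.
    for lib in "$dir"/libsf_*_preproc.so.*; do
        # Skip an unmatched glob and skip links, so each library is handled once.
        [ -f "$lib" ] && [ ! -L "$lib" ] || continue
        name=${lib##*/}                      # libsf_dns_preproc.so.0.0
        link="$dir/${name%%.so.*}.so"        # <dir>/libsf_dns_preproc.so
        [ -e "$link" ] || ln -sf "$name" "$link" || return 1
    done

    # Pass 2: print one directive per usable .so, each on a single line.
    count=0
    for so in "$dir"/libsf_*_preproc.so; do
        [ -f "$so" ] || continue             # unmatched glob or dangling link
        echo "dynamicpreprocessor file $so"
        count=$((count + 1))
    done

    [ "$count" -gt 0 ] || {
        echo "no preprocessor libraries found in $dir" >&2
        return 1
    }
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    link_preprocs "$1"
fi
```

Review the printed lines before pasting them into snort.conf; the function only prints directives and creates links, it does not edit the configuration file.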
