[Snort-users] undefined symbol: LibVersion error

David Holder david.holder at ...11827...
Fri Apr 16 11:58:55 EDT 2010


Hi JJ,

Thanks for your reply, I can now run it.

However, I've come across a different problem now. Everything seems to
indicate that snort is working fine, but nothing is being logged into the
MySQL database. I've added the following into my snort.conf:

output database: log, mysql, user=snort password=MyDBPassword dbname=snort host=localhost

Base is reporting no information:

Sensors/Total: 0 / 1
Unique Alerts: 0
Categories: 0
Total Number of Alerts: 0

    * Src IP addrs: 0
    * Dest. IP addrs: 0
    * Unique IP links 0

If I try and run snort without Daemon mode I get the following output:

Initializing Network Interface eth0
Decoding Ethernet on interface eth0
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = snort
database:  database name = snort
database:    sensor name = 192.168.202.239
database:      sensor id = 1
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

eth0 is the correct name. Although the last thing to come from terminal is:

Not Using PCAP_FRAMES.

I've run snort -DEV and I can see the traffic being analysed, so there is
something there to log.

Any help would be appreciated.

Thanks,

On Fri, Apr 16, 2010 at 4:19 PM, JJ Cummings <cummingsj at ...11827...> wrote:

> Delete all of the *example* rules that are in
> /usr/local/lib/snort_dynamicrules/
>
>
>
> On Fri, Apr 16, 2010 at 9:14 AM, David Holder <david.holder at ...11827...> wrote:
>
>> Hi all,
>>
>> I installed Snort yesterday and configured it based on the guide provided
>> on the ubuntu forums : http://ubuntuforums.org/showthread.php?t=919472
>>
>> I'm running ubuntu 9.10 server edition and the latest version of Snort and
>> BASE.
>>
>> I've managed to configure the database, permissions, snort.conf but when I
>> try and launch snort like so:
>>
>> snort -c /etc/snort/snort.conf
>>
>> I get the following:
>>
>> root at ...2306...:~# snort -c /etc/snort/snort.conf
>> Running in IDS mode
>>
>>         --== Initializing Snort ==--
>> Initializing Output Plugins!
>> Initializing Preprocessors!
>> Initializing Plug-ins!
>> Parsing Rules file "/etc/snort/snort.conf"
>> PortVar 'HTTP_PORTS' defined :  [ 80 1220 2301 3128 7777 7779 8000 8008
>> 8028 8080 8180 8888 9999 ]
>> PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
>> PortVar 'ORACLE_PORTS' defined :  [ 1521 ]
>> Detection:
>>    Search-Method = AC-BNFA-Q
>> Tagged Packet Limit: 256
>> Loading dynamic engine
>> /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
>> Loading all dynamic detection libs from
>> /usr/local/lib/snort_dynamicrules...
>>   Loading dynamic detection library
>> /usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so... ERROR:
>> Failed to find LibVersion() function in
>> /usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so:
>> /usr/local/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so: undefined
>> symbol: LibVersion
>> Fatal Error, Quitting..
>>
>> Does anyone have any idea how I can resolve this issue?
>>
>> Thanks,
>>
>> David
>>
>>
>
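
A read-only way to see which libraries in the dynamic rules directory would trigger the `undefined symbol: LibVersion` failure before deleting anything. This is an added example, not part of the original thread; it assumes GNU binutils `nm` is installed, and the function names and the `SYMLIST` variable are hypothetical.

```shell
#!/bin/sh
# Added example: report Snort dynamic rule libraries that do not export the
# LibVersion entry point named in the startup error quoted above.
# Assumption: GNU binutils `nm` is available. SYMLIST may be overridden with
# any command that prints one exported symbol per line, name in the last field.
SYMLIST="${SYMLIST:-nm -D --defined-only}"

# exports_symbol LIB SYMBOL
# Exit status 0 if LIB defines SYMBOL in its dynamic symbol table.
# A file the lister cannot read (not ELF, truncated, unreadable) counts as
# "does not export", since Snort could not load it either.
exports_symbol() {
    $SYMLIST "$1" 2>/dev/null |
        awk -v want="$2" '$NF == want { found = 1 } END { exit !found }'
}

# missing_libversion DIR
# Print the path of every *.so in DIR that lacks LibVersion. Nothing is
# modified; the output is a review list for the cleanup suggested above.
missing_libversion() {
    for lib in "$1"/*.so; do
        [ -e "$lib" ] || continue    # empty or missing directory: glob did not match
        exports_symbol "$lib" LibVersion || printf '%s\n' "$lib"
    done
}

# Usage, with the path taken from the error message in the thread:
#   missing_libversion /usr/local/lib/snort_dynamicrules
```
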