[Snort-users] Fw: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_SDF version 1.1.1

Ryan Jordan ryan.jordan at ...1935...
Fri Apr 30 11:08:52 EDT 2010


There's a couple things going on here.

First: Your snort.conf file is going to have a line that reads like this:
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/

Snort is going to attempt to load EVERY .so file contained in that
directory. No more, no less. The error message doesn't mean that Snort
can't find your SDF preprocessor -- it means that it was found, but
didn't load correctly.

Second: The interface between Snort and its .so preprocessors/rules
changes with most Snort releases. If you mix and match your versions,
Snort will segfault. If you recompile Snort with different configure
options, you also need to rebuild and reinstall the .so files.

ccie:
Right now you're running Snort 2.8.5.3 with a 2.8.6 preprocessor. SDF
was newly introduced in Snort 2.8.6, so simply doing a "make install"
from 2.8.5.3 would not overwrite it. You should uninstall your current
Snort stuff first, *then* reinstall.

I'm not sure why you had problems with 2.8.6 in the first place.
Perhaps you were running a different Snort binary than the one you
installed?

-Ryan

On Fri, Apr 30, 2010 at 10:45 AM, Joel Esler <jesler at ...1935...> wrote:
> Wait, are you trying to use 2.8.5.3 with the 2.8.6 preprocessors?
> J
>
> On Fri, Apr 30, 2010 at 10:39 AM, ccie 6862 <ccie6862 at ...131...> wrote:
>>
>>
>> --- On Fri, 4/30/10, ccie 6862 <ccie6862 at ...131...> wrote:
>>
>> > From: ccie 6862 <ccie6862 at ...131...>
>> > Subject: [Snort-users] FATAL ERROR: Failed to initialize dynamic
>> > preprocessor: SF_SDF version 1.1.1
>> > To: "Snort-users at lists.sourceforge.net"
>> > <Snort-users at lists.sourceforge.net>
>> > Date: Friday, April 30, 2010, 9:05 AM
>> > I just upgraded snort and now can't
>> > start it due to this error. This is running on a CentOS 5
>> > 64-bit system. Google isn't turning up anything, and I'm
>> > tempted to go through my snort.conf file and start
>> > commenting out lines. Has anyone else run into this? The
>> > system was working under the previous version of snort.
>> >
>> >
>> >
>> >
>> >
>> > ------------------------------------------------------------------------------
>> > _______________________________________________
>> > Snort-users mailing list
>> > Snort-users at lists.sourceforge.net
>> > Go to this URL to change user options or unsubscribe:
>> > https://lists.sourceforge.net/lists/listinfo/snort-users
>> > Snort-users list archive:
>> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> >
>>
>> Hmmm, this is getting frustrating. I just downgraded to snort-2.8.5.3, and
>> I'm getting the same error. I had been running 2.5.8.2, but I can't find the
>> source files.
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list