[Snort-users] Update from v2.8.5.1 to v2.8.5.3 (rpm) = FAIL

Chan, Wilson wchan at ...14702...
Thu Feb 18 15:01:45 EST 2010


Thanks Matt for pointing that out. From the output below there is a section in the snort.conf that defines the directories for the preprocessors. After changing that the sensor is working again. :)

[root at ...14778... snort]# snort -c snort.conf
Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1521 ]
PortVar 'FTP_PORTS' defined :  [ 21 ]
ERROR: ../../src/parser.c(5050) Could not stat dynamic module path "/usr/lib/snort-2.8.5_dynamicpreprocessor/": No such file or directory.
Fatal Error, Quitting..


[root at ...14778... snort]# ls /usr/lib/snort*
/usr/lib/snort-2.8.5.3_dynamicengine:
libsf_engine.so  libsf_engine.so.0

/usr/lib/snort-2.8.5.3_dynamicpreprocessor:
libsf_dce2_preproc.so    libsf_dcerpc_preproc.so.0  libsf_ftptelnet_preproc.so    libsf_smtp_preproc.so.0  libsf_ssl_preproc.so
libsf_dce2_preproc.so.0  libsf_dns_preproc.so       libsf_ftptelnet_preproc.so.0  libsf_ssh_preproc.so     libsf_ssl_preproc.so.0
libsf_dcerpc_preproc.so  libsf_dns_preproc.so.0     libsf_smtp_preproc.so         libsf_ssh_preproc.so.0
[root at ...14778... snort]#


[root at ...14778... snort]# grep snort-2.8.5_dynamicpreprocessor *
snort.conf:dynamicpreprocessor directory /usr/lib/snort-2.8.5_dynamicpreprocessor/
snort.conf.bk:dynamicpreprocessor directory /usr/lib/snort-2.8.5_dynamicpreprocessor/


Wilson 
-----Original Message-----
From: Matt Olney [mailto:molney at ...1935...] 
Sent: Wednesday, February 17, 2010 5:52 PM
To: Chan, Wilson
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Update from v2.8.5.1 to v2.8.5.3 (rpm) = FAIL

Not sure if this is it, but the error:

 Could not stat dynamic module path
"/usr/lib/snort-2.8.5_dynamicpreprocessor/": No such file or
directory.

Does not match your directory for your ls:

[root at ...14777... snort]# cd /usr/lib/snort-2.8.5.3_dynamicpreprocessor/

On Wed, Feb 17, 2010 at 10:30 PM, Chan, Wilson <wchan at ...14702...> wrote:
> Just updated one of my CentOS boxes running snort-2.8.5.1.RH5.i386.rpm &
> snort-mysql-2.8.5.1.RH5.i386.rpm to the latest v2.8.5.3 and now the sensor
> won't run. It seems to be missing some files in the dynamicpreprocessor. Any
> ideas?
>
> [root at ...14777... snort]# snort -c snort.conf
> Running in IDS mode
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file "snort.conf"
> PortVar 'HTTP_PORTS' defined :  [ 80 ]
> PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
> PortVar 'ORACLE_PORTS' defined :  [ 1521 ]
> PortVar 'FTP_PORTS' defined :  [ 21 ]
> ERROR: ../../src/parser.c(5050) Could not stat dynamic module path "/usr/lib/snort-2.8.5_dynamicpreprocessor/": No such file or directory.
> Fatal Error, Quitting..
>
> [root at ...14777... snort]# cd /usr/lib/snort-2.8.5.3_dynamicpreprocessor/
> [root at ...14777... snort-2.8.5.3_dynamicpreprocessor]# ls
> libsf_dce2_preproc.so      libsf_dns_preproc.so          libsf_smtp_preproc.so    libsf_ssl_preproc.so
> libsf_dce2_preproc.so.0    libsf_dns_preproc.so.0        libsf_smtp_preproc.so.0  libsf_ssl_preproc.so.0
> libsf_dcerpc_preproc.so    libsf_ftptelnet_preproc.so    libsf_ssh_preproc.so
> libsf_dcerpc_preproc.so.0  libsf_ftptelnet_preproc.so.0  libsf_ssh_preproc.so.0
>
> Thanks!
>
> Wilson

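A pre-flight check for the failure in this thread, as an added example (not code from the thread or from the Snort project): it reads a snort.conf, reports every dynamic-module `directory` or `file` path that does not exist, and lists version-renamed sibling directories next to a missing one. The function names and the constructed sample are assumptions; covering `dynamicengine` and `dynamicdetection` as well as the `dynamicpreprocessor directory` line seen above is a generalization.

```shell
#!/bin/sh
# Added example: flag dynamic-module paths in a snort.conf that do not exist on disk.

# For a missing directory, list version-renamed siblings (snort-*_<suffix>) beside it.
suggest() {
    p=${1%/}; parent=${p%/*}; suffix=${p##*_}
    for cand in "$parent"/snort-*_"$suffix"; do
        if [ -d "$cand" ]; then echo "  candidate: $cand/"; fi
    done
    return 0
}

# check_dynamic_paths CONF: print each missing path; return 1 if any is missing.
check_dynamic_paths() {
    missing=0
    while read -r directive kind path rest; do
        case $directive in
            dynamicpreprocessor|dynamicengine|dynamicdetection) ;;
            *) continue ;;
        esac
        case $kind in
            directory) if [ -d "$path" ]; then continue; fi ;;
            file)      if [ -f "$path" ]; then continue; fi ;;
            *)         continue ;;  # other directive forms are not checked here
        esac
        echo "MISSING: $directive $kind $path"
        if [ "$kind" = directory ]; then suggest "$path"; fi
        missing=1
    done <<EOF
$(sed 's/#.*//' "$1")
EOF
    return "$missing"
}

# Constructed sample mirroring the thread: the conf names snort-2.8.5_..., the
# installed directory is snort-2.8.5.3_... (built under a temp dir, not /usr/lib).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/lib/snort-2.8.5.3_dynamicpreprocessor"
    printf '# sample\ndynamicpreprocessor directory %s/lib/snort-2.8.5_dynamicpreprocessor/\n' \
        "$d" > "$d/snort.conf"
    echo "$d/snort.conf"
}

# Check the snort.conf given as $1, or the constructed sample when run without one.
if [ $# -gt 0 ]; then check_dynamic_paths "$1"; else check_dynamic_paths "$(make_sample)" || :; fi
```

Run after a package upgrade and before restarting the sensor, the non-zero exit status lets a deployment script stop instead of leaving the IDS down.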



