[Snort-users] seek help for installation for snort2.8

Ryan Jordan ryan.jordan at ...1935...
Sat Jan 23 12:43:42 EST 2010


It sounds like you're still using your old snort.conf file. "flow" has been
deprecated for some time, and we finally removed it from Snort. Use Stream5
instead.

When you upgrade Snort, you should start with the new snort.conf file and
make changes to fit your preferences.

-Ryan

On Fri, Jan 22, 2010 at 10:12 PM, bai haoquan <baihaoquan at ...11827...> wrote:

> Hi Ryan,
>
> I did "make uninstall" in the snort directory, and then delete the
> /usr/local/snort/, but when I install the snort-2.8.5.2, also failed:
>
> ....
>     Portscan Detection Config:
>     Detect Protocols:  TCP UDP ICMP IP
>     Detect Scan Type:  portscan portsweep decoy_portscan
> distributed_portscan
>     Sensitivity Level: Low
>     Memcap (in bytes): 10000000
>     Number of Nodes:   36900
>     ERROR: /usr/local/snort/etc/snort.conf(190) Unknown preprocessor:
> "flow".
>     Fatal Error, Quitting..
> and I had already add two lines
>
> "dynamicpreprocessor directory
> /usr/local/snort/lib/snort_dynamicpreprocessor/
>  dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so"
>
>  in my snort.conf.
>
> Please help me to fix this, thank you very much.
>
>
>
> On Sat, Jan 23, 2010 at 1:09 AM, Ryan Jordan <ryan.jordan at ...1935...>wrote:
>
>> Make sure you don't have old preprocessors from previous installations
>> hanging around in your /usr/local/snort/lib/snort_dynamicpreprocessor
>> directory. The easiest way to do this would be to delete them all and re-do
>> "make install".
>>
>> If all else fails, upgrade to a recent version of Snort and try again.
>> Snort 2.8.0 is pretty old in Internet years.
>>
>>   On Fri, Jan 22, 2010 at 7:06 AM, bai haoquan <baihaoquan at ...11827...>wrote:
>>
>>>   Hi all,
>>>
>>> I want to install snort-2.8.0 on my Fedora12, but after the "./configure
>>> --prefix=/usr/local/snort/ --with-mysql=/usr/local/mysql/
>>> --enable-dynamicplugin --enable-inline, make, make install", then  I add two
>>> lines
>>>
>>> "dynamicpreprocessor directory
>>> /usr/local/snort/lib/snort_dynamicpreprocessor/
>>>  dynamicengine
>>> /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so"
>>>
>>> in my snort.conf, but when I use commandline "snort -c
>>> /usr/local/snort/etc/snort.conf" to start snort, some erres msg occurd as
>>> below:
>>>    .....
>>>   Loading dynamic preprocessor library
>>> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so...
>>> done
>>>   Loading dynamic preprocessor library
>>> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>>>   Loading dynamic preprocessor library
>>> /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>>>   Finished Loading all dynamic preprocessor libs from
>>> /usr/local/snort/lib/snort_dynamicpreprocessor/
>>>   ERROR: Failed to initialize dynamic preprocessor: SF_SSLPP version
>>> 1.1.3
>>>
>>>
>>>  I am looking forward to your early reply and thanks very much.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Throughout its 18-year history, RSA Conference consistently attracts the
>>> world's best and brightest in the field, creating opportunities for
>>> Conference
>>> attendees to learn about information security's most important issues
>>> through
>>> interactions with peers, luminaries and emerging and established
>>> companies.
>>> http://p.sf.net/sfu/rsaconf-dev2dev
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100123/e31ce72a/attachment.html>


More information about the Snort-users mailing list