[Snort-users] ERROR: The dynamic detection library

waldo kitty wkitty42 at ...14940...
Wed Aug 8 22:47:07 EDT 2012


On 8/8/2012 20:56, Jerry McCaslin wrote:
> Having problems starting snort on new build.
> snort-2.9.3.1
> snortrules-snapshot-2922
> ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/smtp.so"
> version 1.0 compiled with dynamic engine library version 1.15 isn't compatible
> with the current dynamic engine library
> "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 1.16.
> Fatal Error, Quitting..

if i'm reading the above correctly, you are trying to use the so rules from 
2.9.2.2 with 2.9.3.1 and "that dawg won't hunt"... the dynamic so rules have to 
be from the same version as they are specifically compiled for each...

options?
1. download the proper rule set for your version of snort.
2. simply turn off the dynamic rules (comment a line in the conf).
3. remove all the so rules that are not compatible with your version of snort.

for #2 above, comment out the line in your snort.conf /similar/ to the following...

   dynamicdetection directory /usr/local/lib/snort_dynamic_rules

just place a # at the beginning of the line and try starting snort again...

for #3 above, we've seen times where the old so rules or dynamicdetection 
libraries were not removed during *our* upgrade process and the error was very 
similar... i say similar because i can't recall it exactly... in any case, what 
we did was to remove all of the so rules and dynamicdetection libraries and then 
reinstall to place all the proper ones back where they needed to go... needless 
to say, our upgrade procedures were modified after that ;)





More information about the Snort-users mailing list