[Snort-users] MySQL support for Snort 2.9.4
kayasaman at ...11827...
Mon Dec 10 20:52:12 EST 2012
On 12/11/2012 01:41 AM, Jeremy Hoel wrote:
> Without looking at the Google's, normally preprocessor errors are
> missing files. Look in your snort conf and make sure the paths to the
> preprocessors are correct.
> And if you are using ipv6 addresses make sure you use ipvar vs var in
> snort conf.
Hmm.... this is interesting.
I reverted my config back from ipvar to var since I'm using IPv4.
The libraries are setup as such:
# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
# path to base preprocessor engine
# path to dynamic rules libraries
dynamicdetection directory /usr/local/lib/snort_dynamicrules
of which they are all there:
# ls /usr/local/lib | grep snort
The rules have been setup as such:
var RULE_PATH ./rules
var SO_RULE_PATH ./so_rules
var PREPROC_RULE_PATH ./preproc_rules
All the *rules files and directories reside within /etc/snort/ - I have
also attempted to put the full dir path too; /etc/snort/rules etc...
- which didn't yield any difference.
I'm not sure what's going on, I don't have anything in the dynamicrules
or dynamicpreprocessor folders though! Could this be the issue?
> On Dec 10, 2012 6:16 PM, "Kaya Saman" <kayasaman at ...11827...
> <mailto:kayasaman at ...11827...>> wrote:
> On 12/11/2012 01:13 AM, beenph wrote:
>> On Mon, Dec 10, 2012 at 8:04 PM, Kaya Saman <kayasaman at ...11827...
>> <mailto:kayasaman at ...11827...>> wrote:
>> > I've just compiled and installed Barnyard2 now and currently
>> working on
>> > the integration with snort 188.8.131.52.
>> > I just wonder if I will need to do anything different for my
>> BASE setup??
>> No, it uses the same schema and should continue to work as expected,
>> the main difference being that its barnyard2 that feeds the database.
> Thanks for the response!
> I know I should ask this in a new Subject Heading however I'm
> getting this error while trying to start Snort:
> ERROR: Failed to initialize dynamic preprocessor: SF_SSLPP (IPV6)
> version 1.1.4 (-1)
> # snort -V
> ,,_ -*> Snort! <*-
> o" )~ Version 184.108.40.206 IPv6 GRE (Build 40)
> '''' By Martin Roesch & The Snort Team:
> Copyright (C) 1998-2012 Sourcefire, Inc., et al.
> Using libpcap version 1.3.0
> Using PCRE version: 8.30 2012-02-04
> Using ZLIB version: 1.2.3
> OS is OpenBSD 5.2 SPARC64
> Am running: snort -T -i trunk0 -c /etc/snort/snort.conf to start snort
> Am currently Google'ing it but not getting very far.......
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users