[Snort-users] MySQL support for Snort 2.9.4

Jeremy Hoel jthoel at ...11827...
Mon Dec 10 21:07:27 EST 2012


Yes.. it could be.  If you have no files there then you can comment those out.

And you can use ipvar for ipv4 only.. that's not a problem, I just
didn't know if you had var or ipvar before and if you planned on
using ipv6 (that preprocessor was v6)

On Mon, Dec 10, 2012 at 6:52 PM, Kaya Saman <kayasaman at ...11827...> wrote:
> On 12/11/2012 01:41 AM, Jeremy Hoel wrote:
>
> Without looking at the Google's, normally preprocessor errors are missing
> files.  Look in your snort conf and make sure the paths to the preprocessors
> are correct.
>
> And if you are using ipv6 addresses make sure you use ipvar vs var in snort
> conf.
>
>
> Hmm.... this is interesting.
>
> I reverted my config back from ipvar to var since I'm using IPv4.
>
> The libraries are set up as such:
>
> # path to dynamic preprocessor libraries
> dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
>
> # path to base preprocessor engine
> dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
>
> # path to dynamic rules libraries
> dynamicdetection directory /usr/local/lib/snort_dynamicrules
>
>
> of which they are all there:
>
> # ls /usr/local/lib | grep snort
> snort_dynamicengine
> snort_dynamicpreprocessor
> snort_dynamicrules
>
>
> The rules have been set up as such:
>
> var RULE_PATH ./rules
> var SO_RULE_PATH ./so_rules
> var PREPROC_RULE_PATH ./preproc_rules
>
>
> All the *rules files and directories reside within /etc/snort/ - I have also
> attempted to put the full dir path too; /etc/snort/rules etc...
>
> - which didn't yield any difference.
>
>
> I'm not sure what's going on, I don't have anything in the dynamicrules or
> dynamicpreprocessor folders though! Could this be the issue?
>
>
> Regards,
>
>
> Kaya
>
>
>
> On Dec 10, 2012 6:16 PM, "Kaya Saman" <kayasaman at ...11827...> wrote:
>>
>> On 12/11/2012 01:13 AM, beenph wrote:
>>
>>
>>
>> On Mon, Dec 10, 2012 at 8:04 PM, Kaya Saman <kayasaman at ...11827...> wrote:
>> >
>>
>> >
>> > I've just compiled and installed Barnyard2 now and currently working on
>> > the integration with snort 2.9.3.1.
>> >
>> > I just wonder if I will need to do anything different for my BASE
>> > setup??
>> >
>>
>> No, it uses the same schema and should continue to work as expected,
>> the main difference being that it's barnyard2 that feeds the database.
>>
>> -elz
>>
>>
>>
>>
>>
>> Thanks for the response!
>>
>> I know I should ask this in a new Subject Heading however I'm getting this
>> error while trying to start Snort:
>>
>> ERROR: Failed to initialize dynamic preprocessor: SF_SSLPP (IPV6) version
>> 1.1.4 (-1)
>>
>> # snort -V
>>
>>    ,,_     -*> Snort! <*-
>>   o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40)
>>    ''''    By Martin Roesch & The Snort Team:
>> http://www.snort.org/snort/snort-team
>>            Copyright (C) 1998-2012 Sourcefire, Inc., et al.
>>            Using libpcap version 1.3.0
>>            Using PCRE version: 8.30 2012-02-04
>>            Using ZLIB version: 1.2.3
>>
>>
>> OS is OpenBSD 5.2 SPARC64
>>
>> Am running: snort -T -i trunk0 -c /etc/snort/snort.conf to start snort
>>
>>
>> Am currently Google'ing it but not getting very far.......
>>
>>
>> Regards,
>>
>>
>> Kaya
>
>
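
Added example (not part of the original thread, and not code from the Snort project): a POSIX shell check for the advice above to confirm that the dynamic library paths in snort.conf exist and are not empty. It reads the uncommented dynamicpreprocessor, dynamicengine and dynamicdetection lines and reports each target as OK, EMPTY or MISSING; the function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Prints STATUS<TAB>directive<TAB>path for each uncommented dynamic* line.
# Returns 0 if all are OK, 1 if any is MISSING/EMPTY, 2 if conf is unreadable.
check_snort_dynamic_paths() {
    conf=$1 rc=0
    [ -r "$conf" ] || { printf 'UNREADABLE\t-\t%s\n' "$conf"; return 2; }
    while read -r directive kind path rest || [ -n "$directive" ]; do
        case $directive in
            dynamicpreprocessor|dynamicengine|dynamicdetection) ;;
            *) continue ;;               # comments, var lines, everything else
        esac
        # Accepted forms: "<d> directory <p>", "<d> file <p>", "<d> <p>"
        case $kind in
            directory|file) ;;
            *) path=$kind; kind=file ;;
        esac
        if [ "$kind" = directory ]; then
            if [ ! -d "$path" ]; then status=MISSING
            elif [ -z "$(ls -A "$path" 2>/dev/null)" ]; then status=EMPTY
            else status=OK; fi
        else
            if [ -f "$path" ]; then status=OK; else status=MISSING; fi
        fi
        [ "$status" = OK ] || rc=1
        printf '%s\t%s\t%s\n' "$status" "$directive" "$path"
    done < "$conf"
    return $rc
}

# Constructed sample: engine library present, preprocessor directory empty
# (as reported in the thread), rules directory absent (to show MISSING).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/lib/snort_dynamicengine" "$d/lib/snort_dynamicpreprocessor"
    : > "$d/lib/snort_dynamicengine/libsf_engine.so"
    cat > "$d/snort.conf" <<EOF
# path to dynamic preprocessor libraries
dynamicpreprocessor directory $d/lib/snort_dynamicpreprocessor/
dynamicengine $d/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory $d/lib/snort_dynamicrules
var RULE_PATH ./rules
EOF
    ret=0; check_snort_dynamic_paths "$d/snort.conf" || ret=$?
    rm -rf "$d"
    return $ret
}

# With an argument, check that snort.conf; without one, run the demo.
if [ $# -gt 0 ]; then check_snort_dynamic_paths "$1"; else demo || :; fi
```

An EMPTY or MISSING line marks a directive to fix or comment out before re-running snort -T.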
