[Snort-users] Preprocessor issue? can't get new snort to initialize...

Jeff Kell jeff-kell at ...6282...
Thu Mar 29 15:12:43 EDT 2012


The new little piggy is driving me nuts....

Fails to initialize, last logged messages:

rpc_decode arguments:
    Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
    alert_fragments: INACTIVE
    alert_large_fragments: INACTIVE
    alert_incomplete: INACTIVE
    alert_multiple_requests: INACTIVE
ERROR: Failed to initialize dynamic preprocessor: SF_DCERPC version 1.1.5 (-1)
Fatal Error, Quitting..

Previously in the startup it loaded the preprocessors just fine...

Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/...
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so... done
  Loading dynamic preprocessor library
/usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
  Finished Loading all dynamic preprocessor libs from
/usr/local/lib/snort_dynamicpreprocessor/

This is snort 2.9.1.2 (most recent version with snortsam patch available)...

# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.1.2 IPv6 GRE (Build 84)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 6.6 06-Feb-2006
           Using ZLIB version: 1.2.3


Any clues?  Hints?  Clue-bats?  :)

Jeff




More information about the Snort-users mailing list