[Snort-users] Preprocessor issue? can't get new snort to initialize...

Joel Esler jesler at ...1935...
Thu Mar 29 15:55:34 EDT 2012


That means that you are using a different version of preprocessor with an alternate version of Snort.

That being said, I'd upgrade to 2.9.2.2, as barnyard2 now has snortsam integrated into it.

J

On Mar 29, 2012, at 3:12 PM, Jeff Kell <jeff-kell at ...6282...> wrote:

> The new little piggy is driving me nuts....
> 
> Fails to initialize, last logged messages:
> 
> rpc_decode arguments:
>    Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
>    alert_fragments: INACTIVE
>    alert_large_fragments: INACTIVE
>    alert_incomplete: INACTIVE
>    alert_multiple_requests: INACTIVE
> ERROR: Failed to initialize dynamic preprocessor: SF_DCERPC version 1.1.5 (-1)
> Fatal Error, Quitting..
> 
> Previously in the startup it loaded the preprocessors just fine...
> 
> Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/...
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
>  Finished Loading all dynamic preprocessor libs from
> /usr/local/lib/snort_dynamicpreprocessor/
> 
> This is snort 2.9.1.2 (most recent version with snortsam patch available)...
> 
> # snort -V
> 
>   ,,_     -*> Snort! <*-
>  o"  )~   Version 2.9.1.2 IPv6 GRE (Build 84)
>   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
>           Using libpcap version 1.1.1
>           Using PCRE version: 6.6 06-Feb-2006
>           Using ZLIB version: 1.2.3
> 
> 
> Any clues?  Hints?  Clue-bats?  :)
> 
> Jeff
> 
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here 
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!





More information about the Snort-users mailing list