[Snort-users] service snortd start failure

Tal Bar-Or tbaror at ...11827...
Wed May 9 01:06:04 EDT 2012


Hi Jag,

I run the requested command and it seems ok ,

[ Port Based Pattern Matching Memory ]
+- [ Aho-Corasick Summary ] -------------------------------------
| Storage Format    : Full-Q
| Finite Automaton  : DFA
| Alphabet Size     : 256 Chars
| Sizeof State      : Variable (1,2,4 bytes)
| Instances         : 192
|     1 byte states : 177
|     2 byte states : 15
|     4 byte states : 0
| Characters        : 89143
| States            : 60717
| Transitions       : 4199371
| State Density     : 27.0%
| Patterns          : 5193
| Match States      : 4804
| Memory (MB)       : 31.36
|   Patterns        : 0.57
|   Match Lists     : 1.12
|   DFA
|     1 byte states : 1.06
|     2 byte states : 28.25
|     4 byte states : 0.00
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 1336 ]

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2.2 IPv6 GRE (Build 121)
   ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using libpcap version 1.2.1
           Using PCRE version: 8.30 2012-02-04
           Using ZLIB version: 1.2.3

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.15  <Build 18>
           Preprocessor Object: SF_GTP (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SSLPP (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_REPUTATION (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_FTPTELNET (IPV6)  Version 1.2  <Build 13>
           Preprocessor Object: SF_DNP3 (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_DCERPC2 (IPV6)  Version 1.0  <Build 3>
           Preprocessor Object: SF_SMTP (IPV6)  Version 1.1  <Build 9>
           Preprocessor Object: SF_SIP (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_IMAP (IPV6)  Version 1.0  <Build 1>
           Preprocessor Object: SF_SDF (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SSH (IPV6)  Version 1.1  <Build 3>
           Preprocessor Object: SF_MODBUS (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_DNS (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_POP (IPV6)  Version 1.0  <Build 1>

Snort successfully validated the configuration!
Snort exiting


Hi all

@ Tal Bar-or. To test changes to snort.conf I run the following - try that:
		Snort -c /etc/snort/snort.conf -T
In your post you have specified -i which is for putting snort in Packet
Sniffing mode  -c is for intrusion sensing.
What mode are you attempting to get working?
I hope this helps.  Regards

Jag Mander



---------- Forwarded message ----------
From: Tal Bar-Or <tbaror at ...11827...>
Date: Tue, May 8, 2012 at 5:10 PM
Subject: service snortd start failure
To: Snort-users at lists.sourceforge.net


Hello All,
I have installed Snort 2.9.2.2 on CentOs 6.2 x_64 , i have also set
the environment rule etc..
now when i am starting snort service i get following errors:

service snortd start
Starting snort: ERROR size 784 != 856 Looking also  into
/var/log/messages log i have :

FATAL ERROR: Failed to initialize dynamic preprocessor: SF_GTP (IPV6)
version 1.1.1 (-2)

in addition i did try testing at shell  command , testing run work perfectly.

snort -c /etc/snort/snort.conf -i eth0

I really don't now where is the issue, if someone tackled this lately
could share info.
Please advice

Thanks


-- 
Tal Bar-or




More information about the Snort-users mailing list