[Snort-users] ERROR: dynamic detection lib is compiled with an older version of the dynamic engine

Mike H mizelhike at ...125...
Sun Aug 18 00:00:58 EDT 2013

Thanks for the response Waldo, that did the trick! I delete the rules and Snort runs fine. Seems so obvious now--files not compatible==>delete files :)
According to your post this also puts the "newer and proper SO files back in place". I believe you are implying (or at least I am inferring) that the latest ruleset comes prepackaged with snort (where are those SO files?).  Ok, makes sense--but the user still needs to update the rules at some point.
So, if I am reading that right it means that I can't just go out to http://www.snort.org/snort-rules/, grab the latest "Registered User" rules and install them?  That seems odd, am I missing something?
The Snort install instructions explicitly point you to download and install the latest rules, like so:
sudo tar zxvf snortrules-snapshot-2950.tar.gz -C /usr/local/snortsudo mkdir /usr/local/snort/lib/snort_dynamicrulessudo cp /usr/local/snort/so_rules/precompiled/Ubuntu-10-4/i386/* \/usr/local/snort/lib/snort_dynamicrulessudo touch /usr/local/snort/rules/white_list.rulessudo touch /usr/local/snort/rules/black_list.rulessudo ldconfig
But that just takes me back to the same compatibility error below.  I'm sure I am screwing something up here, just not sure what.  Any thoughts on how I can get the latest rules from the website loaded?
I was hoping to understand how to do this manually, then move on to installing Pulled Pork.  Appreciate the help!
> Date: Sat, 17 Aug 2013 20:48:34 -0400
> From: wkitty42 at ...14940...
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] ERROR: dynamic detection lib is compiled with an older version of the dynamic engine
> On 8/17/2013 13:38, Michael Heard wrote:
> > ERROR: Dynamic detection lib /usr/local/snort/lib/snort_dynamicrules/nntp.so 1.0
> > isn't compatible with the current dynamic engine library
> > /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so 2.1.
> > The dynamic detection lib is compiled with an older version of the dynamic engine.
> > Fatal Error, Quitting../
> >
> > The error seems to indicate that I need a newer dynamic rule set that is
> > compatible with the dynamicengine I am running.
> it is not just the rules set that must be compatible but also the shared so 
> dynamic engine files... shut down your snort, and remove the SO files in your 
> /usr/local/snort/lib/snort_dynamicengine/ directory... then reinstall snort to 
> put the newer and proper SO files back in place... then restart your snort and 
> you should be good to go... that is if i have grabbed the proper directory from 
> your post where the problem lies...
> -- 
> NOTE: No off-list assistance is given without prior approval.
>        Please keep mailing list traffic on the list unless
>        private contact is specifically requested and granted.
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead. 
> Download for free and get started troubleshooting in minutes. 
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130818/7a017de9/attachment.html>

More information about the Snort-users mailing list