[Snort-users] Unable to use dynamicrules on CentOS 6.4 x86_64

Jaspal jaspal at ...16427...
Fri Jul 5 09:20:13 EDT 2013

On Friday 05 July 2013 05:47 PM, waldo kitty wrote:
> On 7/5/2013 05:47, Jaspal wrote:
>> Hi,
>> I am trying to use the dynamic rules present in snort-rules-snapshot-2495 with
>> snort-2.9.5 on a CentOS 6.4 x86_64 Amazon EC2 VM.
> is this "snort-2.9.5" a typo? if not, then that's part of your problem... in
> many cases you cannot mix rules for one version of snort with a different
> version of snort... the dynamic rules are definitely an example of this...
Thanks for the response.
It's not a typo. That's the latest tar on the site and I could not find 
sources of older versions. ( Why not a give a link ? )
I understand that we can't mix apples and oranges.
But the 4 latest snortrules-snapshot (available to registered users) all 
end in 29{40,41,45,46,31} under the section 'Snort v2.9'. Again no older 
Perhaps, you could just tell me how to choose a correct set of rules 
with the snort-2.9.5 version and where can I find them.
>> I have compiled daq and snort from source. Used libdnet and libdnet-devel from
>> the rpm repo.
> does not matter in this case...
>> I get the following error upon trying to use the precompiled shared libs from
>> either of RHEL-6.0 or CentOS-5.4 :
>> "The dynamic detection library
>> "/usr/local/lib/snort_dynamicrules/web-activex.so" version 1.0 compiled with
>> dynamic engine library version 1.17 isn't compatible with the current dynamic
>> engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.0"
> this tells you exactly what the error is and where...
>> Both the snort-rules and snort are compiled from the latest sources.
>> It looks like a version mismatch. But where exactly ?
> inside the compiled so rules file(s)... the above message tells you that the
> version 1.0 of web-activex.so compiled with dynamic engine library 1.17  is not
> compatible with the current dynamic engine library 2.0...
>> Or is there a way to compile the shared libs and use them ?
> yes but i'm not familiar with how to do it... someone else will have to speak on
> this...
>> Also, why does snort provide precompiled shared libs for CentOS-6.x ?
> someone else will have to speak on this, too...

More information about the Snort-users mailing list