[Snort-users] First time snorting ... ERROR: The dynamic detection library ...

Alan McKay alan.mckay at ...11827...
Fri Nov 15 10:39:33 EST 2013


> If you run Snort in console mode (-A console) for testing purposes, do you
> see any alerts?

Nope.  I ran it without the redirect this time of course and with -A
console, and it gets to this point:

           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
Commencing packet processing (pid=20459)

And after that I hit it again with nmap -O as well as continual ssh
attempts.   It just stays like the above with no more output.

> Another thing, what does your unified2 output plugin look
> like in your snort.conf file? Also, what rules do you have enabled?

I'm using the default snort.conf from the document that I posted in my
first thread.  It seems to be the default from the distro.  The only
changes I made are these near the top of the file, and I only made
those after my initial attempts with all defaults failed.   Here are
my changes:

# Setup the network addresses you are protecting
ipvar HOME_NET MY_REAL_IP_REMOVED
# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET !$HOME_NET

I dumped the full contents of the snort.conf at the top of my google
doc for perusal.

https://docs.google.com/document/d/1bd3atMiqTBvbwF8BIpZDSVEr1vYniyM0GSIHZGvVWO8/edit?usp=sharing



