[Snort-users] Snort failed to stay up after upgrade to 2.9.6.0

Feroz Basir feroz.basir at ...11827...
Wed Feb 19 21:17:12 EST 2014


Hi,

I used the rpm source from the snort website. There was no error from the rpmbuild command.

Thanks.


Regards,
Feroz Basir

> On 20 Feb 2014, at 03:15, Jeremy Hoel <jthoel at ...11827...> wrote:
> 
> What is the exact error, not what it looks like? You said you compiled this yourself, did it compile and install ok?
> 
>> On Feb 19, 2014 12:03 PM, "Feroz Basir" <feroz.basir at ...11827...> wrote:
>> Hi,
>> 
>> My bad. Should have run as root :). Now I'm getting this error:
>> 
>> Snort: symbol lookup error: snort: undefined symbol: rand_open
>> 
>> Googling shows something to do with libdnet. Mine is ver 1.12. lddconfig -v showed no error.
>> 
>> Thanks.
>> 
>> 
>> Regards,
>> Feroz Basir
>> 
>> > On 20 Feb 2014, at 02:48, Jeremy Hoel <jthoel at ...11827...> wrote:
>> >
>> > try as root?
>> >
>> >> On Wed, Feb 19, 2014 at 11:47 AM, Feroz Basir <feroz.basir at ...14542....> wrote:
>> >> Hi,
>> >>
>> >> I've run snort manually. Now I could see the actual error. See below:
>> >>
>> >> Error: can't start DAQ (-1) - socket: operation not permitted.
>> >>
>> >> My DAQ version is 2.0.2
>> >>
>> >> Any ideas? Thanks again.
>> >>
>> >>
>> >> Regards,
>> >> Feroz Basir
>> >>
>> >>> On 20 Feb 2014, at 02:01, Jeremy Hoel <jthoel at ...11827...> wrote:
>> >>>
>> >>> -T just tests the snort.conf.
>> >>>
>> >>> For the next test, don't run snort off of init (that's odd that it
>> >>> doesn't log anything to syslog) and run it in the foreground and see
>> >>> what's failing, but run it locally:
>> >>>
>> >>> snort -c /etc/snort/snort.conf -i eth_whatever
>> >>>
>> >>> See what it says, see if you get to
>> >>> "Commencing packet processing (pid=????)"
>> >>>
>> >>> Once you get there, let it run for a bit then Ctrl-C to break it,
>> >>> look at the info presented.
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>> On Wed, Feb 19, 2014 at 10:53 AM, Feroz Basir <feroz.basir at ...13704......> wrote:
>> >>>> Hi,
>> >>>>
>> >>>> /var/log/messages file showed NIC enter promiscuous mode, then NIC exit promiscuous mode. Nothing in syslog log file.
>> >>>>
>> >>>> Thanks.
>> >>>>
>> >>>> Regards,
>> >>>> Feroz Basir
>> >>>>
>> >>>>> On 20 Feb 2014, at 01:22, Jeremy Hoel <jthoel at ...11827...> wrote:
>> >>>>>
>> >>>>> Do you have any error messages from the syslog?
>> >>>>>
>> >>>>>> On Wed, Feb 19, 2014 at 10:17 AM, Feroz Basir <feroz.basir at ...14540...27...> wrote:
>> >>>>>> Hi all,
>> >>>>>>
>> >>>>>> I'm running snort 2.9.4.6. I upgraded to version 2.9.6.0. Smooth upgrade process, but then when I restarted snortd service, snort process failed to stay up. Messages log file showed NIC enter promiscuous mode, then NIC exit promiscuous mode. I've run with -T and everything was OK.
>> >>>>>>
>> >>>>>> Could anybody help me, please?
>> >>>>>>
>> >>>>>> Thank you.
>> >>>>>>
>> >>>>>> Regards,
>> >>>>>> Feroz Basir
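Added example, not part of the original thread: a shell helper for following up the `undefined symbol: rand_open` error by checking which libdnet the loader resolves for the snort binary and whether that file defines the symbol. The function names and the sample `ldd` / `nm -D` output are constructed for illustration; `ldd`, `nm` (binutils) and `awk` are assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and samples are constructed.

# Read `ldd` output on stdin; print the path the loader resolved for library
# prefix $1 (e.g. libdnet), or NOTFOUND if ldd reports "not found".
resolved_lib() {
    awk -v lib="$1" '
        index($1, lib ".") == 1 && $2 == "=>" {
            if ($3 == "not") print "NOTFOUND"; else print $3
            exit
        }'
}

# Read `nm -D` output on stdin; succeed only if symbol $1 is defined there.
# Lines of type U (two fields, no address) are imports, not definitions.
exports_symbol() {
    awk -v sym="$1" '
        { name = $NF; sub(/@.*/, "", name) }
        NF >= 3 && name == sym && $(NF-1) != "U" { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Live check. Usage: check_symbol "$(command -v snort)" libdnet rand_open
check_symbol() {
    path=$(ldd "$1" | resolved_lib "$2")
    case "$path" in
        "")       echo "$1 is not dynamically linked against $2"; return 2 ;;
        NOTFOUND) echo "loader cannot find $2"; return 3 ;;
    esac
    if nm -D "$path" | exports_symbol "$3"; then
        echo "$path defines $3"
    else
        echo "$path does not define $3"; return 1
    fi
}

# Constructed sample data (paths, addresses and symbol names are illustrative).
SAMPLE_LDD='    libdnet.1 => /usr/lib64/libdnet.1 (0x00007f0000000000)
    libpcap.so.1 => /usr/lib64/libpcap.so.1 (0x00007f0000200000)'
SAMPLE_NM_GOOD='0000000000004a20 T rand_open
0000000000004b10 T rand_close'
SAMPLE_NM_BAD='                 U rand_open
0000000000001200 T other_init'
```

A "does not define" result means the library found at run time is not the one the binary was built against, so compare the printed path with the libdnet installed at build time.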