[Snort-users] Snort failed to stay up after upgrade to 2.9.6.0

SnortFan SnortFan at ...131...
Wed Feb 19 21:58:03 EST 2014


Just for grins, cd into the directory where the snort exe is and run: ldd snort

This will show if you have any lib references messed up. When I did my upgrade I goofed on a couple of my sensors and performed the upgrade while still having the older version of snort still running. Yeah, not a good idea. 

Cheers,
Ed

Sent from a mobile device. 

> On Feb 19, 2014, at 9:17 PM, Feroz Basir <feroz.basir at ...11827...> wrote:
> 
> Hi,
> 
> I used rpm source from snort website. There was no error on rpmbuild command.
> 
> Thanks.
> 
> 
> Regards,
> Feroz Basir
> 
>> On 20 Feb 2014, at 03:15, Jeremy Hoel <jthoel at ...11827...> wrote:
>> 
>> What us the exact error, not looks like.  You said you compiled this yourself, did it compile and install ok?  
>> 
>>> On Feb 19, 2014 12:03 PM, "Feroz Basir" <feroz.basir at ...11827...> wrote:
>>> Hi,
>>> 
>>> My bad. Should have run as root :). Now I'm getting this error:
>>> 
>>> Snort: symbol lookup error: snort: undefined symbol: rand_open
>>> 
>>> Googling shows something to do with libdnet. Mine is ver 1.12. lddconfig -v shown no error.
>>> 
>>> Thanks.
>>> 
>>> 
>>> Regards,
>>> Feroz Basir
>>> 
>>> > On 20 Feb 2014, at 02:48, Jeremy Hoel <jthoel at ...11827...> wrote:
>>> >
>>> > try as root?
>>> >
>>> >> On Wed, Feb 19, 2014 at 11:47 AM, Feroz Basir <feroz.basir at ...14459.....> wrote:
>>> >> Hi,
>>> >>
>>> >> I've run snort manually. Now I could see the actual error. See below:
>>> >>
>>> >> Error: can't start DAQ (-1) - socket: operation not permitted.
>>> >>
>>> >> My DAQ version is 2.0.2
>>> >>
>>> >> Any ideas? Thanks again.
>>> >>
>>> >>
>>> >> Regards,
>>> >> Feroz Basir
>>> >>
>>> >>> On 20 Feb 2014, at 02:01, Jeremy Hoel <jthoel at ...11827...> wrote:
>>> >>>
>>> >>> -T just tests the snort.conf.
>>> >>>
>>> >>> For the next test, don't run snort off of init (that's odd that it
>>> >>> doesn't log anything to syslog) and run it in the foreground and see
>>> >>> what's failing) but run it locally:
>>> >>>
>>> >>> snort -c /etc/snort/snort.conf -i eth_whatever
>>> >>>
>>> >>> See what it says, see if you get too
>>> >>> "Commencing packet processing (pid=????)"
>>> >>>
>>> >>> Once you get there, let it run for a bit then cntrl-c to break it,
>>> >>> look at the info presented.
>>> >>>
>>> >>>
>>> >>>
>>> >>>
>>> >>>> On Wed, Feb 19, 2014 at 10:53 AM, Feroz Basir <feroz.basir at ...13610...7...> wrote:
>>> >>>> Hi,
>>> >>>>
>>> >>>> /var/log/messages file shown NIC enter promiscuous mode, then NIC exit promiscuous mode. Nothing in syslog log file.
>>> >>>>
>>> >>>> Thanks.
>>> >>>>
>>> >>>> Regards,
>>> >>>> Feroz Basir
>>> >>>>
>>> >>>>> On 20 Feb 2014, at 01:22, Jeremy Hoel <jthoel at ...11827...> wrote:
>>> >>>>>
>>> >>>>> Do you have any error messages from the syslog?
>>> >>>>>
>>> >>>>>> On Wed, Feb 19, 2014 at 10:17 AM, Feroz Basir <feroz.basir at ...5119...827...> wrote:
>>> >>>>>> Hi all,
>>> >>>>>>
>>> >>>>>> I'm running snort 2.9.4.6. I upgraded to version 2.9.6.0. Smooth upgrade process, but then when I restarted snortd service, snort process failed to stay up. Messages log file shown NIC enter promiscuous mode, then NIC exit promiscuous mode. I've run with -T and everything was OK.
>>> >>>>>>
>>> >>>>>> Anybody could help me, please?
>>> >>>>>>
>>> >>>>>> Thank you.
>>> >>>>>>
>>> >>>>>> Regards,
>>> >>>>>> Feroz Basir
>>> >>>>>> ------------------------------------------------------------------------------
>>> >>>>>> Managing the Performance of Cloud-Based Applications
>>> >>>>>> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
>>> >>>>>> Read the Whitepaper.
>>> >>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
>>> >>>>>> _______________________________________________
>>> >>>>>> Snort-users mailing list
>>> >>>>>> Snort-users at lists.sourceforge.net
>>> >>>>>> Go to this URL to change user options or unsubscribe:
>>> >>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> >>>>>> Snort-users list archive:
>>> >>>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>> >>>>>>
>>> >>>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140219/ac9bc10a/attachment.html>


More information about the Snort-users mailing list