[Snort-users] Snort failed to stay up after upgrade to 2.9.6.0

Feroz Basir feroz.basir at ...11827...
Thu Feb 20 01:19:42 EST 2014


Hi,

I've done checking with ldd. There was no error came back, like I said on my previous email.

Thanks.

Regards,
Feroz Basir

> On 20 Feb 2014, at 10:58, SnortFan <SnortFan at ...131...> wrote:
> 
> Just for grins, cd into the directory where the snort exe is and run: ldd snort
> 
> This will show if you have any lib references messed up. When I did my upgrade I goofed on a couple of my sensors and performed the upgrade while still having the older version of snort still running. Yeah, not a good idea. 
> 
> Cheers,
> Ed
> 
> Sent from a mobile device. 
> 
>> On Feb 19, 2014, at 9:17 PM, Feroz Basir <feroz.basir at ...11827...> wrote:
>> 
>> Hi,
>> 
>> I used rpm source from snort website. There was no error on rpmbuild command.
>> 
>> Thanks.
>> 
>> 
>> Regards,
>> Feroz Basir
>> 
>>> On 20 Feb 2014, at 03:15, Jeremy Hoel <jthoel at ...11827...> wrote:
>>> 
>>> What us the exact error, not looks like.  You said you compiled this yourself, did it compile and install ok?  
>>> 
>>>> On Feb 19, 2014 12:03 PM, "Feroz Basir" <feroz.basir at ...11827...> wrote:
>>>> Hi,
>>>> 
>>>> My bad. Should have run as root :). Now I'm getting this error:
>>>> 
>>>> Snort: symbol lookup error: snort: undefined symbol: rand_open
>>>> 
>>>> Googling shows something to do with libdnet. Mine is ver 1.12. lddconfig -v shown no error.
>>>> 
>>>> Thanks.
>>>> 
>>>> 
>>>> Regards,
>>>> Feroz Basir
>>>> 
>>>> > On 20 Feb 2014, at 02:48, Jeremy Hoel <jthoel at ...11827...> wrote:
>>>> >
>>>> > try as root?
>>>> >
>>>> >> On Wed, Feb 19, 2014 at 11:47 AM, Feroz Basir <feroz.basir at ...13704......> wrote:
>>>> >> Hi,
>>>> >>
>>>> >> I've run snort manually. Now I could see the actual error. See below:
>>>> >>
>>>> >> Error: can't start DAQ (-1) - socket: operation not permitted.
>>>> >>
>>>> >> My DAQ version is 2.0.2
>>>> >>
>>>> >> Any ideas? Thanks again.
>>>> >>
>>>> >>
>>>> >> Regards,
>>>> >> Feroz Basir
>>>> >>
>>>> >>> On 20 Feb 2014, at 02:01, Jeremy Hoel <jthoel at ...11827...> wrote:
>>>> >>>
>>>> >>> -T just tests the snort.conf.
>>>> >>>
>>>> >>> For the next test, don't run snort off of init (that's odd that it
>>>> >>> doesn't log anything to syslog) and run it in the foreground and see
>>>> >>> what's failing) but run it locally:
>>>> >>>
>>>> >>> snort -c /etc/snort/snort.conf -i eth_whatever
>>>> >>>
>>>> >>> See what it says, see if you get too
>>>> >>> "Commencing packet processing (pid=????)"
>>>> >>>
>>>> >>> Once you get there, let it run for a bit then cntrl-c to break it,
>>>> >>> look at the info presented.
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>>> On Wed, Feb 19, 2014 at 10:53 AM, Feroz Basir <feroz.basir at ...14540...27...> wrote:
>>>> >>>> Hi,
>>>> >>>>
>>>> >>>> /var/log/messages file shown NIC enter promiscuous mode, then NIC exit promiscuous mode. Nothing in syslog log file.
>>>> >>>>
>>>> >>>> Thanks.
>>>> >>>>
>>>> >>>> Regards,
>>>> >>>> Feroz Basir
>>>> >>>>
>>>> >>>>> On 20 Feb 2014, at 01:22, Jeremy Hoel <jthoel at ...11827...> wrote:
>>>> >>>>>
>>>> >>>>> Do you have any error messages from the syslog?
>>>> >>>>>
>>>> >>>>>> On Wed, Feb 19, 2014 at 10:17 AM, Feroz Basir <feroz.basir at ...391...1827...> wrote:
>>>> >>>>>> Hi all,
>>>> >>>>>>
>>>> >>>>>> I'm running snort 2.9.4.6. I upgraded to version 2.9.6.0. Smooth upgrade process, but then when I restarted snortd service, snort process failed to stay up. Messages log file shown NIC enter promiscuous mode, then NIC exit promiscuous mode. I've run with -T and everything was OK.
>>>> >>>>>>
>>>> >>>>>> Anybody could help me, please?
>>>> >>>>>>
>>>> >>>>>> Thank you.
>>>> >>>>>>
>>>> >>>>>> Regards,
>>>> >>>>>> Feroz Basir
>>>> >>>>>> ------------------------------------------------------------------------------
>>>> >>>>>> Managing the Performance of Cloud-Based Applications
>>>> >>>>>> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
>>>> >>>>>> Read the Whitepaper.
>>>> >>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
>>>> >>>>>> _______________________________________________
>>>> >>>>>> Snort-users mailing list
>>>> >>>>>> Snort-users at lists.sourceforge.net
>>>> >>>>>> Go to this URL to change user options or unsubscribe:
>>>> >>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> >>>>>> Snort-users list archive:
>>>> >>>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>> >>>>>>
>>>> >>>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>> ------------------------------------------------------------------------------
>> Managing the Performance of Cloud-Based Applications
>> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
>> Read the Whitepaper.
>> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140220/dbc40a67/attachment.html>


More information about the Snort-users mailing list