[Snort-users] Snort Services Failed to Start

Joel Esler (jesler) jesler at ...589...
Tue Jun 24 10:16:19 EDT 2014


Looks like you are using the 2.9.5.6 dynamic preprocessors with Snort 2.9.6.1. You’ll probably want to delete things in /usr/local/lib/snort_dynamicpreprocessor and reinstall 2.9.6.1.


On Jun 24, 2014, at 9:12 AM, greg.mcnathansonsnuf003 at ...16876... wrote:

Hi snort experts,

Is there any solution for this?
I have the same problem as Steven Vona.

Starting snort: ERROR size 840 != 864

I updated from snort 2.9.5.6 to version 2.9.6.1 on a Fedora 20 machine (x86_64). (Kernel 3.14.4-200.fc20.x86_64)

journalctl -b -0 -u snort.service

...
Jun 24 13:00:30 discovery snort[789]: Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor...
Jun 24 13:00:30 discovery snort[789]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_preproc.so...
Jun 24 13:00:30 discovery snort[789]: done
...
Jun 24 13:00:31 discovery snort[789]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so...
Jun 24 13:00:31 discovery snort[789]: done
Jun 24 13:00:31 discovery snort[789]: Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor
Jun 24 13:00:31 discovery snort[789]: Log directory = /var/log/snort
....
Jun 24 13:00:31 discovery snort[789]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
Jun 24 13:00:31 discovery snort[789]: alert_fragments: INACTIVE
Jun 24 13:00:31 discovery snort[789]: alert_large_fragments: INACTIVE
Jun 24 13:00:31 discovery snort[789]: alert_incomplete: INACTIVE
Jun 24 13:00:31 discovery snort[789]: alert_multiple_requests: INACTIVE
Jun 24 13:00:31 discovery snort[789]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_SSH version 1.1.3 (-2)
Jun 24 13:00:31 discovery snort[784]: Starting snort: ERROR size 840 != 864
Jun 24 13:00:31 discovery snort[784]: [FAILED]
Jun 24 13:00:31 discovery snort[822]: Stopping snort: [FAILED]
Jun 24 13:00:31 discovery systemd[1]: Started Snort IDS system.

The /usr/local/lib/snort_dynamicpreprocessor directory contains only new files from snort 2.9.6.1.


Config parameters for installation of snort 2.9.6.1:

$ ./configure --enable-sourcefire --enable-zlib --enable-reload --enable-reload-error-restart

Config parameters for installation of daq 2.0.2:

$ ./configure


I haven't been able to use the libnetfilter_queue and libnfnetlink libraries from the Fedora 20 repository. Usage of these libraries resulted in segmentation faults.
So I use an older version of these libraries (libnetfilter_queue 1.1.0 and libnfnetlink 0.2.0). With these libraries no segmentation faults occurred.

Any ideas on what to do to get snort running?


Any help would be greatly appreciated.

Greg
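
A small triage helper for journal output like the excerpt quoted above, added here as an example (it is not part of the original messages and not Snort project code). It extracts the preprocessor that failed to initialize, the library file it was loaded from, the two values in the `ERROR size` line, and every directory libraries were loaded from. The function name `triage` and the mapping from `SF_SSH` to `libsf_ssh_preproc.so` are assumptions; the sample lines are copied from the excerpt.

```python
import re

# Sample input: four lines copied from the journal excerpt in the message above.
SAMPLE = """\
Jun 24 13:00:30 discovery snort[789]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_preproc.so...
Jun 24 13:00:31 discovery snort[789]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so...
Jun 24 13:00:31 discovery snort[789]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_SSH version 1.1.3 (-2)
Jun 24 13:00:31 discovery snort[784]: Starting snort: ERROR size 840 != 864
"""

LOAD = re.compile(r"Loading dynamic preprocessor library (\S+?\.so)")
FATAL = re.compile(r"Failed to initialize dynamic preprocessor: (\S+) version (\S+) \((-?\d+)\)")
SIZE = re.compile(r"ERROR size (\d+) != (\d+)")

def triage(journal_text):
    """Summarise a Snort startup log: failed preprocessors, size mismatch, lib dirs."""
    loaded, failed, sizes = [], [], None
    for line in journal_text.splitlines():
        if m := LOAD.search(line):
            loaded.append(m.group(1))
        elif m := FATAL.search(line):
            name, version, rc = m.group(1), m.group(2), int(m.group(3))
            # Assumption: the library file name is the lower-cased preprocessor name.
            stem = "/lib" + name.lower() + "_preproc.so"
            hits = [p for p in loaded if p.endswith(stem)]
            failed.append({
                "preprocessor": name, "version": version, "rc": rc,
                "library": hits[-1] if hits else None,
            })
        elif m := SIZE.search(line):
            sizes = (int(m.group(1)), int(m.group(2)))
    # More than one directory here means libraries are coming from two installs.
    dirs = sorted({p.rsplit("/", 1)[0] for p in loaded})
    return {"failed": failed, "size_mismatch": sizes, "lib_dirs": dirs}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The `library` path in the result is the file whose build version should be checked against the running Snort binary, for example by reviewing its package owner or install timestamp.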





