[Snort-users] Upgraded to 2.9.7.0, then downgraded to 2.9.6.2 and snort will not start

Avery Rozar Avery.Rozar at ...16118...
Sun Feb 1 13:30:51 EST 2015


I'm tailing /var/log/messages and all I get is "ERROR version 7 < 11".

After upgrading to 2.9.7.0 I was getting "WARNING database [Database()]: Called with Event[0x0] Event Type [0] (P)acket [0x1e6fcc0], information has not been outputed." I did not realize it until I did not see any alerts for a few days. Thinking this may just be a Barnyard2 and Snort 2.9.7.0 compatibility issue, I just decided to downgrade to 2.9.6.2, and now snort will not start.

I made sure that "/usr/local/lib/snort_dynamicrules/" has the proper so rules, and PulledPork is set for "2.9.6.2". PulledPork pulls sigs just fine.

Below is the output from "messages" when starting snort. Any ideas what I've done wrong?


Starting snort: Feb  1 13:20:54 vs-101 snort[3091]: Enabling inline operation

Feb  1 13:20:54 vs-101 snort[3091]: Running in IDS mode

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]:         --== Initializing Snort ==--

Feb  1 13:20:54 vs-101 snort[3091]: Initializing Output Plugins!

Feb  1 13:20:54 vs-101 snort[3091]: Initializing Preprocessors!

Feb  1 13:20:54 vs-101 snort[3091]: Initializing Plug-ins!

Feb  1 13:20:54 vs-101 snort[3091]: Parsing Rules file "/etc/snort/snort00.conf"

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'HTTP_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090:9091 9111 9443 9999:10000 11371 12601 15489 29991 33300 34412 34443:34444 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'SHELLCODE_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 0:79 81:65535 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'ORACLE_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 1024:65535 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'SSH_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 22 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'FTP_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 21 2100 3535 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'SIP_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 5060:5061 5600 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'FILE_DATA_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090:9091 9111 9443 9999:10000 11371 12601 15489 29991 33300 34412 34443:34444 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: PortVar 'GTP_PORTS' defined :

Feb  1 13:20:54 vs-101 snort[3091]:  [ 2123 2152 3386 ]

Feb  1 13:20:54 vs-101 snort[3091]:

Feb  1 13:20:54 vs-101 snort[3091]: Detection:

Feb  1 13:20:54 vs-101 snort[3091]:    Search-Method = AC-Full-Q

Feb  1 13:20:54 vs-101 snort[3091]:     Split Any/Any group = enabled

Feb  1 13:20:54 vs-101 snort[3091]:     Search-Method-Optimizations = enabled

Feb  1 13:20:54 vs-101 snort[3091]:     Maximum pattern length = 20

Feb  1 13:20:55 vs-101 snort[3091]: Tagged Packet Limit: 256

Feb  1 13:20:55 vs-101 snort[3091]: Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]: Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-apache.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/exploit-kit.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-linux.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-windows.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-dns.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/policy-social.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-icmp.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-iis.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-pdf.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/pua-p2p.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-office.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-plugins.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-flash.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-image.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-executable.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-multimedia.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/netbios.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-webapp.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-cnc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-ie.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-voip.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/indicator-shellcode.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-other.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mail.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-oracle.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-nntp.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mysql.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-java.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-snmp.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Finished Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules

Feb  1 13:20:55 vs-101 snort[3091]: Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/...

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_appid_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...

Feb  1 13:20:55 vs-101 snort[3091]: done

Feb  1 13:20:55 vs-101 snort[3091]:   Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/

Feb  1 13:20:55 vs-101 snort[3091]: Log directory = /var/log/snort/Z0

Feb  1 13:20:55 vs-101 snort[3091]: Normalizer config:

Feb  1 13:20:55 vs-101 snort[3091]:          ip4: on

Feb  1 13:20:55 vs-101 snort[3091]:      ip4::df: off

Feb  1 13:20:55 vs-101 snort[3091]:      ip4::rf: off

Feb  1 13:20:55 vs-101 snort[3091]:     ip4::tos: off

Feb  1 13:20:55 vs-101 snort[3091]:    ip4::trim: off

Feb  1 13:20:55 vs-101 snort[3091]:     ip4::ttl: on (min=1, new=5)

Feb  1 13:20:55 vs-101 snort[3091]: Normalizer config:

Feb  1 13:20:55 vs-101 snort[3091]:          tcp: on

Feb  1 13:20:55 vs-101 snort[3091]:     tcp::ecn: stream

Feb  1 13:20:55 vs-101 snort[3091]:     tcp::urp: on

Feb  1 13:20:55 vs-101 snort[3091]:     tcp::opt: off

Feb  1 13:20:55 vs-101 snort[3091]:     tcp::ips: on

Feb  1 13:20:55 vs-101 snort[3091]: Normalizer config:

Feb  1 13:20:55 vs-101 snort[3091]:        icmp4: on

Feb  1 13:20:55 vs-101 snort[3091]: Normalizer config:

Feb  1 13:20:55 vs-101 snort[3091]:          ip6: on

Feb  1 13:20:55 vs-101 snort[3091]:    ip6::hops: on (min=1, new=5)

Feb  1 13:20:55 vs-101 snort[3091]: Normalizer config:

Feb  1 13:20:55 vs-101 snort[3091]:        icmp6: on

Feb  1 13:20:55 vs-101 snort[3091]: Frag3 global config:

Feb  1 13:20:55 vs-101 snort[3091]:     Max frags: 65536

Feb  1 13:20:55 vs-101 snort[3091]:     Fragment memory cap: 4194304 bytes

Feb  1 13:20:55 vs-101 snort[3091]: Frag3 engine config:

Feb  1 13:20:55 vs-101 snort[3091]:     Bound Address: default

Feb  1 13:20:55 vs-101 snort[3091]:     Target-based policy: WINDOWS

Feb  1 13:20:55 vs-101 snort[3091]:     Fragment timeout: 180 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     Fragment min_ttl:   1

Feb  1 13:20:55 vs-101 snort[3091]:     Fragment Anomalies: Alert

Feb  1 13:20:55 vs-101 snort[3091]:     Overlap Limit:     10

Feb  1 13:20:55 vs-101 snort[3091]:     Min fragment Length:     100

Feb  1 13:20:55 vs-101 snort[3091]: Stream5 global config:

Feb  1 13:20:55 vs-101 snort[3091]:     Track TCP sessions: ACTIVE

Feb  1 13:20:55 vs-101 snort[3091]:     Max TCP sessions: 262144

Feb  1 13:20:55 vs-101 snort[3091]:     TCP cache pruning timeout: 30 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     TCP cache nominal timeout: 3600 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     Memcap (for reassembly packet storage): 8388608

Feb  1 13:20:55 vs-101 snort[3091]:     Track UDP sessions: ACTIVE

Feb  1 13:20:55 vs-101 snort[3091]:     Max UDP sessions: 131072

Feb  1 13:20:55 vs-101 snort[3091]:     UDP cache pruning timeout: 30 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     UDP cache nominal timeout: 180 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     Track ICMP sessions: INACTIVE

Feb  1 13:20:55 vs-101 snort[3091]:     Track IP sessions: INACTIVE

Feb  1 13:20:55 vs-101 snort[3091]:     Log info if session memory consumption exceeds 1048576

Feb  1 13:20:55 vs-101 snort[3091]:     Send up to 2 active responses

Feb  1 13:20:55 vs-101 snort[3091]:     Wait at least 5 seconds between responses

Feb  1 13:20:55 vs-101 snort[3091]:     Protocol Aware Flushing: ACTIVE

Feb  1 13:20:55 vs-101 snort[3091]:         Maximum Flush Point: 16000

Feb  1 13:20:55 vs-101 snort[3091]:       Max Expected Streams: 768

Feb  1 13:20:55 vs-101 snort[3091]: Stream5 TCP Policy config:

Feb  1 13:20:55 vs-101 snort[3091]:     Bound Address: default

Feb  1 13:20:55 vs-101 snort[3091]:     Reassembly Policy: WINDOWS

Feb  1 13:20:55 vs-101 snort[3091]:     Timeout: 180 seconds

Feb  1 13:20:55 vs-101 snort[3091]:     Limit on TCP Overlaps: 10

Feb  1 13:20:55 vs-101 snort[3091]:     Maximum number of bytes to queue per session: 1048576

Feb  1 13:20:55 vs-101 snort[3091]:     Maximum number of segs to queue per session: 2621

Feb  1 13:20:55 vs-101 snort[3091]:     Options:

Feb  1 13:20:55 vs-101 rsyslogd-2177: imuxsock begins to drop messages from pid 3091 due to rate-limiting

ERROR version 7 < 11

                                                           [FAILED]
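
Added example, not part of the original post: a small triage of a startup capture like the one above. It lists the dynamic libraries Snort reported loading, finds the point where rsyslog began rate-limiting the Snort pid, and separates out lines that carry no syslog header, which reached only the console. The sample input is constructed from lines in the post, and the function and field names are hypothetical.

```python
import re

# Constructed sample: a few lines abridged from the startup log in the post.
SAMPLE = """\
Feb  1 13:20:55 vs-101 snort[3091]:   Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Feb  1 13:20:55 vs-101 snort[3091]: done
Feb  1 13:20:55 vs-101 snort[3091]:     Options:
Feb  1 13:20:55 vs-101 rsyslogd-2177: imuxsock begins to drop messages from pid 3091 due to rate-limiting
ERROR version 7 < 11
                                                           [FAILED]
"""

# Classic syslog header: timestamp, host, tag with optional [pid], message.
SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\s:\[]+)(?:\[(\d+)\])?: ?(.*)$")
DROP = re.compile(r"imuxsock begins to drop messages from pid (\d+)")
LIB = re.compile(r"Loading dynamic (\w+) library (\S+?)\.\.\.")

def triage(text):
    """Summarise a Snort startup capture: libraries loaded, where syslog
    stopped recording, and lines that never went through syslog."""
    report = {"libs": [], "dropped_pid": None, "last_logged": None, "console_only": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SYSLOG.match(line)
        if not m:
            # No syslog header: console output mixed into the capture.
            report["console_only"].append(line)
            continue
        _, _, tag, _pid, msg = m.groups()
        drop = DROP.search(msg)
        if tag.startswith("rsyslogd") and drop:
            report["dropped_pid"] = drop.group(1)
        elif tag == "snort":
            lib = LIB.search(msg)
            if lib:
                report["libs"].append((lib.group(1), lib.group(2).replace("//", "/")))
            if msg.strip() and report["dropped_pid"] is None:
                report["last_logged"] = msg.strip()  # last message syslog kept
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```

On the sample, the last message syslog kept is "Options:", after which messages from pid 3091 were dropped, so the fatal line appears only as console output.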



