[Snort-users] Pulledpork and Snort warnings

Shirkdog shirkdog at ...11827...
Sun Mar 22 09:28:17 EDT 2015


Provide the version of Snort and whether you are using the correct
snort.conf with your snort instance?

After that, it becomes an issue of having the right OS configured for the
dynamic rules.
On Mar 21, 2015 11:00 PM, "Andrew Shagayev" <drewshg at ...11827...> wrote:

>
> *Hi! *
>
> *running pulledpork:*sudo pulledpork.pl -vv -w -c
> /usr/local/etc/pulledpork/pulledpork.conf
>
> *got this:*
>  ....
>     Reading rules...
> Generating Stub Rules....
>     Generating shared object stubs via:/usr/local/bin/snort -c
> /usr/local/etc/snort/snort.conf
> --dump-dynamic-rules=/tmp/tha_rules/so_rules/
>     An error occurred: WARNING: No dynamic libraries found in directory
> /usr/local/lib/snort_dynamicrules.
>
>     An error occurred: WARNING: ip4 normalizations disabled because not
> inline.
>
>     An error occurred: WARNING: tcp normalizations disabled because not
> inline.
>
>     An error occurred: WARNING: icmp4 normalizations disabled because not
> inline.
>
>     An error occurred: WARNING: ip6 normalizations disabled because not
> inline.
>
>     An error occurred: WARNING: icmp6 normalizations disabled because not
> inline.
>
> ...
>
> Done
> Please review /var/log/sid_changes.log for additional details
> Fly Piggy Fly!
>
>
> *When running snort:*sudo /usr/local/bin/snort -vde -i en0 -c
> /usr/local/etc/snort/snort.conf
>
> *Getting:*
> ...
>
> Loading all dynamic detection libs from
> /usr/local/lib/snort_dynamicrules...
> WARNING: No dynamic libraries found in directory
> /usr/local/lib/snort_dynamicrules.
>   Finished Loading all dynamic detection libs from
> /usr/local/lib/snort_dynamicrules
> Loading all dynamic preprocessor libs from
> /usr/local/lib/snort_dynamicpreprocessor/...
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
> done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>   Finished Loading all dynamic preprocessor libs from
> /usr/local/lib/snort_dynamicpreprocessor/
> Log directory = /var/log/snort
> WARNING: ip4 normalizations disabled because not inline.
> WARNING: tcp normalizations disabled because not inline.
> WARNING: icmp4 normalizations disabled because not inline.
> WARNING: ip6 normalizations disabled because not inline.
> WARNING: icmp6 normalizations disabled because not inline.
> ...
>
>
> *Any ideas what does it mean and how to solve it?*
> *Thank you*
> --
> A.S.
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150322/da1c5daf/attachment.html>


More information about the Snort-users mailing list