[Snort-users] Pulledpork and Snort warnings

James Lay jlay at ...13475...
Sun Mar 22 09:57:28 EDT 2015


On Sun, 2015-03-22 at 09:28 -0400, Shirkdog wrote:

> Provide the version of Snort and whether you are using the correct
> snort.conf with your snort instance?
> 
> After that, it becomes an issue of having the right OS configured for
> the dynamic rules.
> 
> 
> On Mar 21, 2015 11:00 PM, "Andrew Shagayev" <drewshg at ...11827...> wrote:
> 
>         Hi! 
>         
>         
>         running pulledpork:
>         sudo pulledpork.pl -vv
>         -w -c /usr/local/etc/pulledpork/pulledpork.conf
>         
>         
>         got this:
>          ....
>             Reading rules...
>         Generating Stub Rules....
>             Generating shared object stubs via:/usr/local/bin/snort
>         -c /usr/local/etc/snort/snort.conf
>         --dump-dynamic-rules=/tmp/tha_rules/so_rules/
>             An error occurred: WARNING: No dynamic libraries found in
>         directory /usr/local/lib/snort_dynamicrules.
>         
>             An error occurred: WARNING: ip4 normalizations disabled
>         because not inline.
>         
>             An error occurred: WARNING: tcp normalizations disabled
>         because not inline.
>         
>             An error occurred: WARNING: icmp4 normalizations disabled
>         because not inline.
>         
>             An error occurred: WARNING: ip6 normalizations disabled
>         because not inline.
>         
>             An error occurred: WARNING: icmp6 normalizations disabled
>         because not inline.
>         
>         ...
>         
>         Done
>         Please review /var/log/sid_changes.log for additional details
>         Fly Piggy Fly!
>         
>         
>         When running snort:
>         sudo /usr/local/bin/snort -vde -i en0
>         -c /usr/local/etc/snort/snort.conf
>         
>         
>         Getting:
>         ...
>         
>         Loading all dynamic detection libs
>         from /usr/local/lib/snort_dynamicrules...
>         WARNING: No dynamic libraries found in
>         directory /usr/local/lib/snort_dynamicrules.
>           Finished Loading all dynamic detection libs
>         from /usr/local/lib/snort_dynamicrules
>         Loading all dynamic preprocessor libs
>         from /usr/local/lib/snort_dynamicpreprocessor/...
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>           Loading dynamic preprocessor
>         library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>           Finished Loading all dynamic preprocessor libs
>         from /usr/local/lib/snort_dynamicpreprocessor/
>         Log directory = /var/log/snort
>         WARNING: ip4 normalizations disabled because not inline.
>         WARNING: tcp normalizations disabled because not inline.
>         WARNING: icmp4 normalizations disabled because not inline.
>         WARNING: ip6 normalizations disabled because not inline.
>         WARNING: icmp6 normalizations disabled because not inline.
>         ...
>         
>         
>         Any ideas what it means and how to solve it?
>         
>         Thank you
>         
>         -- 
>         
>         A.S.
>         
>         
>         
>         ------------------------------------------------------------------------------
>         Dive into the World of Parallel Programming The Go Parallel
>         Website, sponsored
>         by Intel and developed in partnership with Slashdot Media, is
>         your hub for all
>         things parallel software development, from weekly thought
>         leadership blogs to
>         news, videos, case studies, tutorials and more. Take a look
>         and join the
>         conversation now. http://goparallel.sourceforge.net/
>         _______________________________________________
>         Snort-users mailing list
>         Snort-users at lists.sourceforge.net
>         Go to this URL to change user options or unsubscribe:
>         https://lists.sourceforge.net/lists/listinfo/snort-users
>         Snort-users list archive:
>         http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>         
>         Please visit http://blog.snort.org to stay current on all the
>         latest Snort news!
> 


That, and you're not configured for inline operation, so those inline
WARNINGs you can ignore.

James
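
The triage suggested in the replies above, as an added example that is not part of the original thread: it separates the inline-only normalization warnings from the dynamic-rules warning and checks that the directory named in snort.conf matches pulledpork's `sorule_path` and actually holds `.so` files. The function names, verdict strings and the config contents built in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Config contents in demo() are constructed.

# Directory named by snort.conf's "dynamicdetection directory" line.
so_rule_dir() {
    awk '$1 == "dynamicdetection" && $2 == "directory" { print $3; exit }' "$1"
}

# Value of a key=value setting in pulledpork.conf (comment lines never match).
pp_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Sort one line of Snort startup output into the two cases from the thread.
classify_warning() {
    case "$1" in
        *"normalizations disabled because not inline"*) echo "ignore-unless-inline" ;;
        *"No dynamic libraries found in directory"*)    echo "check-so-rules" ;;
        *WARNING*)                                      echo "review" ;;
        *)                                              echo "not-a-warning" ;;
    esac
}

# Verdict on the shared object rule setup: args are snort.conf, pulledpork.conf.
check_so_setup() {
    dir=$(so_rule_dir "$1"); dir=${dir%/}
    pp=$(pp_setting "$2" sorule_path); pp=${pp%/}
    [ -n "$dir" ] || { echo "no-dynamicdetection-directive"; return; }
    [ -n "$(pp_setting "$2" distro)" ] || { echo "distro-unset"; return; }
    [ "$pp" = "$dir" ] || { echo "sorule_path-mismatch"; return; }
    for f in "$dir"/*.so; do
        if [ -e "$f" ]; then echo "ok"; return; fi
    done
    echo "no-so-files"   # the state behind "No dynamic libraries found"
}

demo() {
    t=$(mktemp -d)
    mkdir "$t/snort_dynamicrules"
    printf 'dynamicdetection directory %s\n' "$t/snort_dynamicrules" > "$t/snort.conf"
    printf 'sorule_path=%s/\ndistro=FreeBSD-8-1\n' "$t/snort_dynamicrules" > "$t/pulledpork.conf"
    check_so_setup "$t/snort.conf" "$t/pulledpork.conf"   # directory still empty
    : > "$t/snort_dynamicrules/sample.so"
    check_so_setup "$t/snort.conf" "$t/pulledpork.conf"   # directory populated
    rm -rf "$t"
}
demo
```

On a real sensor, pass the paths from the thread (`/usr/local/etc/snort/snort.conf` and `/usr/local/etc/pulledpork/pulledpork.conf`) to `check_so_setup`.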