[Snort-users] Pullpork, so rules, and upgrades

Shirkdog shirkdog at ...11827...
Thu Apr 14 19:33:01 EDT 2016


Make a bug for it and fill in information so we can take a look.

https://github.com/shirkdog/pulledpork/issues

It would appear that pulledpork is not handling some piece of this
correctly, and that looks like output from Snort on the error. Version
0.7.2 I would like to cut at some point in the near future, so any
serious bugs I would like to be taken care of.

---
Michael Shirk


On Thu, Apr 14, 2016 at 6:52 PM, James Lay <jlay at ...13475...> wrote:
> So....I'm sure we've all seen this before:
>
> Apr 14 22:44:11 idsdev pulledpork[31863]: FATAL: An error occured:
> ERROR: The dynamic detection library
> /usr/local/lib/snort_dynamicrules/protocol-icmp.so version 1.0 compiled
> with dynamic engine library version 2.4 isn't compatible with the
> current dynamic engine library
> /usr/local/lib/snort_dynamicengine/libsf_engine.so version 2.6.
>
> The fix, easy enough, is to:
>
> cd /usr/local/lib/snort_dynamicrules/
> sudo rm *.so
> cd /tmp
> tar xvf snortrules-snapshot-2982.tar.gz
> #depending on distro and arch:
> cd so_rules/precompiled/Ubuntu-12-04/x86-64/2.9.8.2/
> sudo cp *.so /usr/local/lib/snort_dynamicrules/
>
> and rerun pulledpork.  My question is, why doesn't pulledpork do this?
> I'm running 0.7.1....just curious really.  Thank you.
>
> James
>
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications Manager
> Applications Manager provides deep performance insights into multiple tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list