Re: MySQL support for Snort 2.9.4

[Jeremy Hoel <jthoel () gmail com>]

yes.. it could be.  If you have no files there then you can comment those out.

And you can use ipvar for ipv4 only.. that's not a problem, I jsut
didn't know if you have var or ipvar before and if you planned on
using ipv6 (that preprocessor was v6)

On Mon, Dec 10, 2012 at 6:52 PM, Kaya Saman <kayasaman () gmail com> wrote:
> On 12/11/2012 01:41 AM, Jeremy Hoel wrote:
>
> Without looking at the Google's, normally preprocessor errors are missing
> files.  Look in your snort conf and make sure the paths to the preprocessors
> are correct.
>
> And if you are using ipv6 addresses make sure you use ipvar vs var in snort
> conf.
>
>
> Hmm.... this is interesting.
>
> I reverted my config back from ipvar to var since I'm using IPv4.
>
> The libraries are setup as such:
>
> # path to dynamic preprocessor libraries
> dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
>
> # path to base preprocessor engine
> dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
>
> # path to dynamic rules libraries
> dynamicdetection directory /usr/local/lib/snort_dynamicrules
>
>
> of which they are all there:
>
> # ls /usr/local/lib | grep snort
> snort_dynamicengine
> snort_dynamicpreprocessor
> snort_dynamicrules
>
>
> The rules have been setup as such:
>
> var RULE_PATH ./rules
> var SO_RULE_PATH ./so_rules
> var PREPROC_RULE_PATH ./preproc_rules
>
>
> All the *rules files and directories reside within /etc/snort/ - I have also
> attempted to put the full dir path too; /etc/snort/rules etc...
>
> - which didn't yield any difference.
>
>
> I'm not sure what's going on, I don't have anything in the dynamicrules or
> dynamicpreprocessor folders though! Could this be the issue?
>
>
> Regards,
>
>
> Kaya
>
>
>
> On Dec 10, 2012 6:16 PM, "Kaya Saman" <kayasaman () gmail com> wrote:
> > On 12/11/2012 01:13 AM, beenph wrote:
> >
> >
> >
> > On Mon, Dec 10, 2012 at 8:04 PM, Kaya Saman <kayasaman () gmail com> wrote:
> > >
> >
> > > I've just compiled and installed Barnyard2 now and currently working on
> > > the integration with snort 2.9.3.1.
> > >
> > > I just wonder if I will need to do anything different for my BASE
> > > setup??
> >
> > No, it uses the same schema and should continue to work as expected,
> > the main difference being that its barnyard2 that feeds the database.
> >
> > -elz
> >
> >
> >
> >
> >
> > Thanks for the response!
> >
> > I know I should ask this in a new Subject Heading however I'm getting this
> > error while trying to start Snort:
> >
> > ERROR: Failed to initialize dynamic preprocessor: SF_SSLPP (IPV6) version
> > 1.1.4 (-1)
> >
> > # snort -V
> >
> >    ,,_     -*> Snort! <*-
> >   o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40)
> >    ''''    By Martin Roesch & The Snort Team:
> > http://www.snort.org/snort/snort-team
> >            Copyright (C) 1998-2012 Sourcefire, Inc., et al.
> >            Using libpcap version 1.3.0
> >            Using PCRE version: 8.30 2012-02-04
> >            Using ZLIB version: 1.2.3
> >
> >
> > OS is OpenBSD 5.2 SPARC64
> >
> > Am running: snort -T -i trunk0 -c /etc/snort/snort.conf to start snort
> >
> >
> > Am currently Google'ing it but not getting very far.......
> >
> >
> > Regards,
> >
> >
> > Kaya

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!