Snort mailing list archives
Re: Snort Services Failed to Start
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 24 Jun 2014 14:16:19 +0000
Looks like you are using the 2.9.5.6 dynamic preprocessors with Snort 2.9.6.1. You’ll probably want to delete things in /usr/local/lib/snort_dynamicpreprocessor and reinstall 2.9.6.1 On Jun 24, 2014, at 9:12 AM, greg.mcnathansonsnuf003 () gmx-topmail de<mailto:greg.mcnathansonsnuf003 () gmx-topmail de> wrote: Hi snort experts, is there any solution for this? I have the same problem as Steven Vona. Starting snort: ERROR size 840 != 864 I updated from snort 2.9.5.6 to version 2.9.6.1 on a Fedora 20 machine (x86_64). (Kernel 3.14.4-200.fc20.x86_64) journactl -b -0 -u snort.service ... Jun 24 13:00:30 discovery snort[789]: Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor... Jun 24 13:00:30 discovery snort[789]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_preproc.so... Jun 24 13:00:30 discovery snort[789]: done ... Jun 24 13:00:31 discovery snort[789]: Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so... Jun 24 13:00:31 discovery snort[789]: done Jun 24 13:00:31 discovery snort[789]: Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor Jun 24 13:00:31 discovery snort[789]: Log directory = /var/log/snort .... Jun 24 13:00:31 discovery snort[789]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Jun 24 13:00:31 discovery snort[789]: alert_fragments: INACTIVE Jun 24 13:00:31 discovery snort[789]: alert_large_fragments: INACTIVE Jun 24 13:00:31 discovery snort[789]: alert_incomplete: INACTIVE Jun 24 13:00:31 discovery snort[789]: alert_multiple_requests: INACTIVE Jun 24 13:00:31 discovery snort[789]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_SSH version 1.1.3 (-2) Jun 24 13:00:31 discovery snort[784]: Starting snort: ERROR size 840 != 864 Jun 24 13:00:31 discovery snort[784]: [FAILED] Jun 24 13:00:31 discovery snort[822]: Stopping snort: [FAILED] Jun 24 13:00:31 discovery systemd[1]: Started Snort IDS system. The /usr/local/lib/snort_dynamicpreprocessor directory contains only new files from snort 2.9.6.1. Config parameters for installation of snort 2.9.6.1: $ ./configure --enable-sourcefire --enable-zlib --enable-reload --enable-reload-error-restart Config parameters for installation of daq 2.0.2: $ ./configure I haven't been able to use libnetfilter_queue libraries and libnfnetlink libraries from the fedora 20 repository. Usage of these libraries resulted in segmentation faults. So I use an older version of these libraries (libnetfilter_queue 1.1.0 and libnfnetlink 0.2.0). With these libraries no segmentation faults occured. Any ideas, what to do to get snort running? Any help would be greatly appreciated. Greg ------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Snort Services Failed to Start greg . mcnathansonsnuf003 (Jun 24)
- Re: Snort Services Failed to Start Joel Esler (jesler) (Jun 24)
- Re: Snort Services Failed to Start greg . mcnathansonsnuf003 (Jun 24)
- Re: Snort Services Failed to Start Joel Esler (jesler) (Jun 24)
- Re: Snort Services Failed to Start greg . mcnathansonsnuf003 (Jun 24)
- Re: Snort Services Failed to Start greg . mcnathansonsnuf003 (Jun 24)
- Re: Snort Services Failed to Start greg . mcnathansonsnuf003 (Jun 24)
- Re: Snort Services Failed to Start Joel Esler (jesler) (Jun 24)