Re: [Snort-users] Dynamic Preprocessor Errors
This is a discussion on Re: [Snort-users] Dynamic Preprocessor Errors within the Snort forums, part of the System Security and Security Related category; Seems like a lot of people are having problems with this, so here's a snippit from my snort.conf ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-29-2007
|
|||
|
|||
Re: [Snort-users] Dynamic Preprocessor Errors
Seems like a lot of people are having problems with this, so here's a
snippit from my snort.conf that might help. ################################################## # # Step #2: Configure dynamic loaded libraries # # If snort was configured to use dynamically loaded libraries, # those libraries can be loaded here. # # Each of the following configuration options can be done via # the command line as well. # # Load all dynamic preprocessors from the install path # (same as command line option --dynamic-preprocessor-lib-dir) # # IMPORTANT READ the FOLLOWING # # # Additionally if you are on Mac OSX you must read and follow the # Instructions in doc/INSTALL when compiling. If you don't # you will get a snort that exits with a "bus error" # Frustration will ensue. # # If your dynamic-preprocessors dir does not contain .so files you # have to do the following # # cd /usr/local/lib/snort_dynamicpreprocessor # # ln -s libsf_ftptelnet_preproc.so.0.0 libsf_ftptelnet_preproc.so # ln -s libsf_dcerpc_preproc.so.0.0 libsf_dcerpc_preproc.so # ln -s libsf_smtp_preproc.so.0.0 libsf_smtp_preproc.so # ln -s libsf_dns_preproc.so.0.0 libsf_dns_preproc.so # ln -s libsf_ssh_preproc.so.0.0 libsf_ssh_preproc.so # # This is all on one line, if email word wraps fix it. # Additionally you have to have the full qualified path # # Replace /usr/local/lib/snort_dynamicpreprocessor with # whatever is the fully qualified path is to your .so files. # dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so dynamicengine /usr/local/lib/snort_dynamicpreprocessor/libsf_engine.so ######## END SNIPPIT ########### Hope that helps. Cheers, -matt info+lucretia.ca wrote: > Hello. > > I'm trying to build 2.7.0.beta1 on Ubuntu 6.06. So far things are working > well, except when I attempt to turn on the dynamic preprocessors. > > I encountered an ID error when I simply uncommented them so I added some > text to make them look like the command line counterparts. I'm not certain > whether they work from the command line, as I'm not interested in starting > them this way. > > Starting snort with 'sudo' using the one and only parameter: '-c > /etc/snort/snort.conf' I get the following output: > > ERROR: /etc/snort/snort.conf(539): Bad rule in rules file > > This line contains: > > dynamic-preprocessor-lib > /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so > > I get this error with any dynamic preprocessor enabled in snort.conf. > > I've reviewed the documentation and could find nothing indicating the > correct format for the 'dynamic-*' options for snort.conf (the command line > is well documented...) and I reviewed the list and forums with no luck on a > solution. > > Cheers, > > > James Friesen, CIO > Lucretia Enterprises > Our World Is Here > info at lucretia dot ca > http://lucretia.ca ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?p...rge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?p...rge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
