Snort 2.9.1 pkg v. 2.1.1 Error.
-
new issue /libexec/ld-elf.so.1: Shared object "libpcre.so.1" not found, required by "snort" it says in console if you try to use snort command
-
new issue /libexec/ld-elf.so.1: Shared object "libpcre.so.1" not found, required by "snort" it says in console if you try to use snort command
this is most likely because you installed the snort package from freebsd.org… you have to be very careful when install packages that aren't from files.pfsense.org... you can break your box...
ps snort didn't start because i believe it needs a patch to make it work with pf...
-
It's my test box so no problem :)
-
same error
My system :
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:43:51 EST 2011
FreeBSD 8.1-RELEASE-p6Beginning package installation for snort…
Downloading package configuration file... done.
Saving updated package information... done.
Downloading snort and its dependencies...
Checking for package installation...
Downloading http://files.pfsense.org/packages/amd64/8/All/snort-2.9.2.3.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/snort-2.9.2.3.tbz.
of snort-2.9.2.3 failed!Installation aborted.Backing up libraries...
Removing package...
Starting package deletion for mysql-client-5.1.53...done.
Starting package deletion for snort-2.9.2.3...done.
Starting package deletion for perl-threaded-5.10.1_3...done.
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
Include file snort.inc could not be found for inclusion.
Deinstall commands...
Not executing custom deinstall hook because an include is missing.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
Cleaning up... Failed to install package.Installation halted.
-
Same issue here as well.
-
Online again! Thanks!
-
Yes this should be OK now, I managed to get a new set of binaries built and uploaded. For one reason or another the nightly automated build process (even when run by hand) was not completely building the snort package and related binaries.
-
But now I have another problem…
snort[25261]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.
Snort install perfectly, but not work…
-
Same here:
snort[56806]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined. -
Might be related:
http://forum.pfsense.org/index.php/topic,45656.msg238815.html#msg238815Try updating your snort rules.
-
i'm doing some testing but since snort was updated to 2.9.2.3, the ruleset filename is different:
thinking it should be like this now
/usr/local/pkg/snort/snort_check_for_rule_updates.php
line 43 $snort_filename_md5 = "snortrules-snapshot-2923.tar.gz.md5";
line 44 $snort_filename = "snortrules-snapshot-2923.tar.gz"; -
i'm doing some testing but since snort was updated to 2.9.2.3, the ruleset filename is different:
thinking it should be like this now
/usr/local/pkg/snort/snort_check_for_rule_updates.php
line 43 $snort_filename_md5 = "snortrules-snapshot-2923.tar.gz.md5";
line 44 $snort_filename = "snortrules-snapshot-2923.tar.gz";P.S looks like only registered users can download snortrules-snapshot-2922.tar.gz, 2923 isn't allowed yet
-
Strange.. my rules are updated…
SNORT.ORG >>> "b7469cefc799ed158d2a483ed2cf689a"
EMERGINGTHREATS.NET >>> 014686a49ac68a7d90d9be60b5db93bc
PFSENSE.ORG >>> "e8a95fd5f1b40e878fedeffd585134bb" -
Another thing… my Snort Service show: Snort 2.9.1 v. pkg 2.1.1, I will try remove and add again.
-
Strange.. my rules are updated…
SNORT.ORG >>> "b7469cefc799ed158d2a483ed2cf689a"
EMERGINGTHREATS.NET >>> 014686a49ac68a7d90d9be60b5db93bc
PFSENSE.ORG >>> "e8a95fd5f1b40e878fedeffd585134bb"yeah, the rules will update; but did snort start?
Snort 2.9.1 v. pkg 2.1 is hardcoded into the code i believe, it wasn't updated.. only binaries from what i can tell.
P.S line 40 in /usr/usr/local/snort/snort.inc would need to be changed for the version number
-
Cino,
I try start snort.. but the error is:
snort[15802]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.
-
snort[56806]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.
Updated to latest ruleset same error.
-
Using only Emmerging Threads rules…
-
Solved.
I remove and delete all Snort entries on pfSense (find / -name snort)
After that all work perfectly.
Barnyard2 downloaded manually of course.
Thanks,
Brivaldo Jr -
Solved . Snort Interfaces > e (edit interface) > Categories …. now here first try to uncheck all of you ruleset and then try to start you snort. After that you can "check" and enable Ruleset from Category tab ... but Attention !!! with some of ruleset snort will not start. So my advice is .. "check" and enable a ruleset, restart snort to see if works (start)... and so on .
Srry for my language
Best Regards
Edited at 05:10:49 pm:
Weird ...worked only with Emmerging Rulsets , if i use snort rulsets snort doesnt start. ...... i will try again .. to search where is the problem
