Latest Snort Upgrade error in library engine
-
As I mentioned in another post, it installed correctly for me. This is my system:
2.3.1-RELEASE-p5 (i386)
built on Thu Jun 16 12:53:31 CDT 2016
FreeBSD 10.3-RELEASE-p3Services
Service Description Status Actions
dhcpd DHCP Service Running
dpinger Gateway Monitoring Daemon Running
ntpd NTP clock sync Running
snort Snort IDS/IPS Daemon Running
sshd Secure Shell Daemon Running
unbound DNS Resolver RunningInstalled Packages
Name Category Version
Cron sysutils 0.3.6_2
snort security 3.2.9.1_14
Dependencies: barnyard2-1.13 snort-2.9.8.3
System_Patches sysutils 1.1.4_1 -
Hi Bmeeks,
Thanks for the response.
I had already tried that but i did it again like you suggested. Rebooted the system, removed snort, rebooted again and installed snort again and I am still getting the same error.
Can you give another suggestion? Something that I may be missing or not doing.
Thank you.
Is server-webapp the only shared object rules you have enabled, or are there others enabled? Might be a problem with just that rule set (but I sort of doubt that). I don't have any public facing web servers in my network, so I don't have that rule set enabled.
Bill
-
Hi Everyone,
I have tried removing everything and doing a fresh install of Snort and I am still getting the same error and some different ones now.
I will try doing a fresh install of Pfsense later. For now I will continue using it without snort. Everything else seems to be working fine.
Thanks for all your help.
-
I just tested enabling that shared object rule set in a virtual machine and had no issues. Are you by chance running a NanoBSD version of pfSense?
Bill
-
Hi,
I have also just upgraded and have exactly the same error - however i dug a bit further and noticed this in the logs for a forced update in the update tab which fails to download the Snort VRT rules:-Jul 11 22:17:56 php-cgi snort_check_for_rule_updates.php: [Snort] Expected File MD5:
Jul 11 22:17:56 php-cgi snort_check_for_rule_updates.php: [Snort] Downloaded File MD5: fcf6bf610e0f417ae97bb9efd30e73c2
Jul 11 22:17:56 php-cgi snort_check_for_rule_updates.php: [Snort] Snort VRT rules file download failed. Bad MD5 checksum…
Jul 11 22:17:56 php-cgi snort_check_for_rule_updates.php: [Snort] Snort VRT rules file update downloaded successfullyIt appears to not be downloading the MD5 for the ruleset correctly and matching on a blank MD5 - any suggestions?
-
same issue…subscribing
-
Same issue here
-
same issue.
-
Hi,
I have also just upgraded and have exactly the same error - however i dug a bit further and noticed this in the logs for a forced update in the update tab which fails to download the Snort VRT rules:-Jul 11 22:17:56 php-cgi snort_check_for_rule_updates.php: [Snort] Expected File MD5:
Jul 11 22:17:56 php-cgi snort_check_for_rule_updates.php: [Snort] Downloaded File MD5: fcf6bf610e0f417ae97bb9efd30e73c2
Jul 11 22:17:56 php-cgi snort_check_for_rule_updates.php: [Snort] Snort VRT rules file download failed. Bad MD5 checksum…
Jul 11 22:17:56 php-cgi snort_check_for_rule_updates.php: [Snort] Snort VRT rules file update downloaded successfullyIt appears to not be downloading the MD5 for the ruleset correctly and matching on a blank MD5 - any suggestions?
This is not a Snort package problem. The Snort VRT rules checksum file posted is not formatted correctly. The VRT guys should get it sorted out soon.
Bill
-
Just forced an update and it seems to be working now.
-
same issue…subscribing
just to clarify…i am having the same issue as the OP not the VRT issue. I have actually disabled all rulesets.
Jul 12 11:41:26 snort 80512 FATAL ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.
-
same issue…subscribing
just to clarify…i am having the same issue as the OP not the VRT issue. I have actually disabled all rulesets.
Jul 12 11:41:26 snort 80512 FATAL ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.
Hi,
Just so you know i had exactly that issue as well after i updated to the latest version of Snort. However, after i searched the forum i saw people suggest that i force update the ruleset to resolve that issue,. This I did but then noticed the issue above.However, now, forcing the update has resolved both issues so you may want to try that.
-
thanks for the suggestions but the error still exists and snort does not start. if no one is having this issue i will reinstall / reconfigure but it was working before.
-
thanks for the suggestions but the error still exists and snort does not start. if no one is having this issue i will reinstall / reconfigure but it was working before.
If you have the "mismatched library version" error, that means your disk structure still contains files from the 2.9.8.0 rule set. It should get cleared out and fixed if you force a rule download on the UPDATES tab. If not, you can remove the Snort package using the DELETE icon on the Package Manager page and the reinstall Snort from scratch.
Bill
-
thanks for the suggestions but the error still exists and snort does not start. if no one is having this issue i will reinstall / reconfigure but it was working before.
If you have the "mismatched library version" error, that means your disk structure still contains files from the 2.9.8.0 rule set. It should get cleared out and fixed if you force a rule download on the UPDATES tab. If not, you can remove the Snort package using the DELETE icon on the Package Manager page and the reinstall Snort from scratch.
Bill
i have done a force update 5 times. i will do a delete and reinstall.
-
thanks for the suggestions but the error still exists and snort does not start. if no one is having this issue i will reinstall / reconfigure but it was working before.
If you have the "mismatched library version" error, that means your disk structure still contains files from the 2.9.8.0 rule set. It should get cleared out and fixed if you force a rule download on the UPDATES tab. If not, you can remove the Snort package using the DELETE icon on the Package Manager page and the reinstall Snort from scratch.
Bill
still will not start
FATAL ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.
same error.
do i need to restart server after uninstall before reinstall?
-
thanks for the suggestions but the error still exists and snort does not start. if no one is having this issue i will reinstall / reconfigure but it was working before.
If you have the "mismatched library version" error, that means your disk structure still contains files from the 2.9.8.0 rule set. It should get cleared out and fixed if you force a rule download on the UPDATES tab. If not, you can remove the Snort package using the DELETE icon on the Package Manager page and the reinstall Snort from scratch.
Bill
still will not start
FATAL ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.
same error.
do i need to restart server after uninstall before reinstall?
Try this brute force approach. Manually delete the /usr/local/lib/snort_dynamicengine directory and all files in it, then force a rules update. Or for an even more radical approach, remove the Snort package again, open a shell command line session and delete all the snort directories you see in /usr/local/lib, then reinstall Snort.
I may have asked you already, and if so forgive me for asking again, but are you by chance running this on NanoBSD? For some reason your old Snort version shared object rules are not getting removed and overwritten with the new version during updates from the new Snort 2.9.8.3 package. Shared object rules are pre-compiled and tagged with specific version numbers that tie them to the Snort binary. Each time the binary updates, the shared object rules get a new version number. The error message is telling us that you have a version mismatch between the Snort binary and the installed shared object pre-compiled rules.
Bill
-
not running the nanobsd version.
i will remove all remnants and try again.
thanks for the help
-
Or for an even more radical approach, remove the Snort package again, open a shell command line session and delete all the snort directories you see in /usr/local/lib, then reinstall Snort.
Bill
did this. i like clean :)
now working again. thanks Bill
-
Or for an even more radical approach, remove the Snort package again, open a shell command line session and delete all the snort directories you see in /usr/local/lib, then reinstall Snort.
Bill
did this. i like clean :)
now working again. thanks Bill
Great! Thanks for the feedback. Not sure why those directories did not get cleaned on the remove and reinstall, though. That is supposed to happen.
Bill