Latest Snort Upgrade error in library engine
-
thanks for the suggestions but the error still exists and snort does not start. if no one is having this issue i will reinstall / reconfigure but it was working before.
If you have the "mismatched library version" error, that means your disk structure still contains files from the 2.9.8.0 rule set. It should get cleared out and fixed if you force a rule download on the UPDATES tab. If not, you can remove the Snort package using the DELETE icon on the Package Manager page and the reinstall Snort from scratch.
Bill
still will not start
FATAL ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.same error.
do i need to restart server after uninstall before reinstall?
-
thanks for the suggestions but the error still exists and snort does not start. if no one is having this issue i will reinstall / reconfigure but it was working before.
If you have the "mismatched library version" error, that means your disk structure still contains files from the 2.9.8.0 rule set. It should get cleared out and fixed if you force a rule download on the UPDATES tab. If not, you can remove the Snort package using the DELETE icon on the Package Manager page and the reinstall Snort from scratch.
Bill
still will not start
FATAL ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.same error.
do i need to restart server after uninstall before reinstall?
Try this brute force approach. Manually delete the /usr/local/lib/snort_dynamicengine directory and all files in it, then force a rules update. Or for an even more radical approach, remove the Snort package again, open a shell command line session and delete all the snort directories you see in /usr/local/lib, then reinstall Snort.
I may have asked you already, and if so forgive me for asking again, but are you by chance running this on NanoBSD? For some reason your old Snort version shared object rules are not getting removed and overwritten with the new version during updates from the new Snort 2.9.8.3 package. Shared object rules are pre-compiled and tagged with specific version numbers that tie them to the Snort binary. Each time the binary updates, the shared object rules get a new version number. The error message is telling us that you have a version mismatch between the Snort binary and the installed shared object pre-compiled rules.
Bill
-
not running the nanobsd version.
i will remove all remnants and try again.
thanks for the help
-
Or for an even more radical approach, remove the Snort package again, open a shell command line session and delete all the snort directories you see in /usr/local/lib, then reinstall Snort.
Bill
did this. i like clean :)
now working again. thanks Bill
-
Or for an even more radical approach, remove the Snort package again, open a shell command line session and delete all the snort directories you see in /usr/local/lib, then reinstall Snort.
Bill
did this. i like clean :)
now working again. thanks Bill
Great! Thanks for the feedback. Not sure why those directories did not get cleaned on the remove and reinstall, though. That is supposed to happen.
Bill
-
Thanks to this thread I was able to get snort working again, but I stall can't get VRT rules or community rules to update at all or even openAppID rules for that matter only ET rules.
here is a pastebin of the log.. http://pastebin.com/uG6akM28
Disable SSL Peer is checked… i've also regenerated a new Oinkmaster Code with no good results.
snort ver. 3.2.9.1_14 snort -2.9.8.3 and barnyard2-1.13 installed
Any help appreciated!
-
omg.. never mind.. it was the dnsbl in pfBlocker that was causing my issue… now i feel stupid.. pffft!
-
Aug 9 20:37:15 php-fpm 23902 /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 11181 -D -l /var/log/snort/snort_em011181 –pid-path /var/run --nolock-pidfile -G 11181 -c /usr/local/etc/snort/snort_11181_em0/snort.conf -i em0' returned exit code '1', the output was ''
Aug 9 20:37:15 snort 26537 FATAL ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.2.3.2-RELEASE (amd64)
built on Tue Jul 19 12:44:43 CDT 2016
FreeBSD 10.3-RELEASE-p5 -
i have solved problem.
remove interface and add wan interface after.
-
Try completely removing the Snort package and then install it again. If you have "save settings" checked on the GLOBAL SETTINGS tab, you won't lose any configuration.
Bill
Just upgraded to PfSense 2.3.2 with snort-2.9.8.3 and experienced this issue… worked like a charm thanks much.
-
I am still having this issue. I have tried ALL tips from the Interwebs. No luck.
Any more tips? -
