Snort 2.8.6 pkg v. 1.31 on pFSENSE Beta4 preprocessor issue (solved)

  • Hi i cant config Snort v1.31

    i did

    Performance Statistics
    Enable  Performance Statistics for this interface.
    HTTP Inspect Settings
    Enable  Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies.
    and HTTP server flow depth "0"

    but snort already giving

    ERROR: parser.c(5161) Could not stat dynamic module path "/usr/local/lib/snort_dynamicpreprocessor/": No such file or directory.
    Badly placed ()'s.

    please help me.

    im already updated snort rules and configured.

    i check this /usr/local/lib/ directory they are have only snort folder

    inside from snort folder have dynamicpreprecessor.

    im tryed change snort.conf for /usr/local/lib/snort/dynamicpreprocessor/

    but already giving many problems.

  • i found solution

    i check /usr/local/etc/snort/ folder
    and i see antoher snort.conf file inside from folder /snort_5656_pppoe1
    but this conf file diff from /usr/local/etc/snort/

    i replace them /usr/local/etc/snort/ folder and working correct now.

    sorry my bad english  ;D

  • Not seeing this error in the code. hmmm

    snort.conf should have this.

    #Configure dynamic loaded libraries
    dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/

    Seems for some resone you guys have this.

    #Configure dynamic loaded libraries
    dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/


  • installed today snort and having that same error: 2.0-BETA5 (amd64) built on Thu Feb 24 18:23:48 EST 2011, snort: pkg v. 1.35.

    replaced the /usr/local/etc/snort/snort.conf by /usr/local/etc/snort_7413_pppoe0/snort.conf.

    But now i get tons of errors like this when starting snort via commandline:

    usr/local/etc/snort/snort_7413_pppoe0/rules/snort_netbios.rules(58): GID 1 SID 2349 in rule duplicates previous rule. Ignoring old rule.
    ERROR: /usr/local/etc/snort/snort_7413_pppoe0/rules/snort_netbios.rules(72) GID 1 SID 2511 in rule duplicates previous rule, with different protocol.
    Fatal Error, Quitting..

    Any hints? thanks

Log in to reply