Snort 2.9.1 pkg v. 2.1.1 Error.
-
Cino,
I try start snort.. but the error is:
snort[15802]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.
-
snort[56806]: FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined.
Updated to latest ruleset same error.
-
Using only Emmerging Threads rules…
-
Solved.
I remove and delete all Snort entries on pfSense (find / -name snort)
After that all work perfectly.
Barnyard2 downloaded manually of course.
Thanks,
Brivaldo Jr -
Solved . Snort Interfaces > e (edit interface) > Categories …. now here first try to uncheck all of you ruleset and then try to start you snort. After that you can "check" and enable Ruleset from Category tab ... but Attention !!! with some of ruleset snort will not start. So my advice is .. "check" and enable a ruleset, restart snort to see if works (start)... and so on .
Srry for my language
Best Regards
Edited at 05:10:49 pm:
Weird ...worked only with Emmerging Rulsets , if i use snort rulsets snort doesnt start. ...... i will try again .. to search where is the problem -
Hopefully there will be a fix soon, it blew out my snort completely, so now I have nothing
-
Just tried install on snort, it works now
-
having the same #3 error "FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined." having all rules unchecked
-
having the same #3 error "FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined." having all rules unchecked
I had the same error and had to delete the contents of /usr/local/lib/snort/dynamicrules. After that everything seemed fine and all my rules seem to work.
-
Thanks DigitalDeviant that worked nicely.
-
I use ony Emmerging Rules and snort works fine… until this bug will be fixed.
Best Regards
-
there were some changes made to the snort package to remove anything that was left behind… I did a reinstall and was able to download snorts ruleset and start a few up with no issues... I didn't check every rule since I only use a handful.
-
try reinstalling now… looks like it is fixed
-
having the same #3 error "FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined." having all rules unchecked
I had the same error and had to delete the contents of /usr/local/lib/snort/dynamicrules. After that everything seemed fine and all my rules seem to work.
This works provided you're only using EMERGING rule set. Is there a fix that enables you to also use SNORT rules?
-
having the same #3 error "FATAL ERROR: ByteExtract variable '^Authorization\x3A\s*Basic[ \t]+' in rule [3:13308] is used before it is defined." having all rules unchecked
Solved this by disabling all rules in snort_web-misc.so.rules category - EVEN THOUGH THIS CATEGORY WAS UNCHECKED IN CATEGORIES SCREEN. I thought that only rules from checked categories were enabled. Am I missing something, besides an illogical brain?
Update: Error reappeared after 12+ hours. No solution yet!
-
It was running fine, until I updated today to last snapshot.
Now it won't start anymore, please check it out.
-
Here is the problem:
Jun 12 13:20:43 snort[26817]: FATAL ERROR: parser.c(5245) Could not stat dynamic module path "/usr/local/lib/snort/dynamicpreprocessor": No such file or directory.
Jun 12 13:20:43 snort[26817]: FATAL ERROR: parser.c(5245) Could not stat dynamic module path "/usr/local/lib/snort/dynamicpreprocessor": No such file or directory. -
I uninstalled, re-installed, tried:
1.) ln -s /lib/libpcap.so.7 /lib/libpcap.so.1
2.) ln -s /usr/local/lib/snort/dynamicpreprocessor /usr/local/lib/snort_dynamicpreprocessor
3.) ln -s /usr/local/lib/snort/dynamicengine /usr/local/lib/snort_dynamicengine
4.) ln -s /usr/local/lib/snort/dynamicrules /usr/local/lib/snort_dynamicrules
5.) manually update the Snort rules.
6.) touch /usr/local/etc/snort/rules/local.rulesDisabled everything on "Preprocessors" tab, nothing!
It refuses to run, this problem just "popped" today from last snapshot update. :(
-
This is all on it:
[2.1-BETA0][root@*****]/usr/local/lib/snort(8): ls -laR total 8 drwxr-xr-x 3 root wheel 512 Jun 12 13:38 . drwxr-xr-x 14 root wheel 3584 Jun 12 13:38 .. drwxr-xr-x 2 root wheel 512 Jun 12 13:38 dynamicrules ./dynamicrules: total 4 drwxr-xr-x 2 root wheel 512 Jun 12 13:38 . drwxr-xr-x 3 root wheel 512 Jun 12 13:38 .. -
Man.. after update… the alert page (snort_alerts.php) apear blank when I try see the alerts generated.