Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort failed to load .so: invalid file format

    IDS/IPS
    2
    6
    1.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      themaninspain
      last edited by

      I am having problems starting snort on my network interfaces and get the following error message in the system logs:

      snort[62998]: FATAL ERROR: Failed to load /usr/pbi/snort-amd64/lib/snort_dynamicrules/server-mysql.so: /usr/pbi/snort-amd64/local/lib/snort_dynamicrules/server-mysql.so: invalid file format

      I have tried updating the rules and uninstalling/reinstalling snort but the problem persists. As the file is downloaded from snort.org how can I make sure this problem gets fixed?

      pfSense version is 2.2.4 (AMD64)
      The package version installed is: Snort 2.9.7.5 pkg v3.2.8
      Hardware is a Gigabyte JA-1900N D3v with 4GB of RAM and a 60GB SSD.

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        This error indicates one of the dynamic rules libraries is corrupt.  Don't know if it is limited to just your machine or if there is a problem with the tarball downloaded from Snort.org.  Check the Snort mailing lists and see if anyone else is reporting a problem.

        For what it's worth, I reinstalled Snort on my personal firewall a few minutes ago while updating it and did not see any errors on startup.  However, I don't have SQL Server rules enabled so that may be why I saw no error.

        Bill

        1 Reply Last reply Reply Quote 0
        • T
          themaninspain
          last edited by

          Thanks for the reply,

          Just reinstalled snort and the problem has disappeared. What worries me is that having automatic rules updates means that this can happen again.

          Alan

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by

            Perhaps the rules tarball itself was temporarily bad.  When you reinstall Snort, it downloads the rules again, so the tarball may have been fixed by then.  Just a guess, though.

            Bill

            1 Reply Last reply Reply Quote 0
            • T
              themaninspain
              last edited by

              it's happened a couple of times again. Updating didn't work, so I manually deleted the problem .so files and managed to restart Snort. Afterwards the updates work normally.

              1 Reply Last reply Reply Quote 0
              • T
                themaninspain
                last edited by

                I've posted a comment on another thread, but I thought it would be useful to post it here.

                As stated above I am using a Gigabyte motherboard which uses Realtek gigabit chips, which were giving me problems on the WAN. I added an expansion card with Intel chips to try to resolve the problem (which it did) and it also had the side effect of eliminating my problems with Snort! The network issue was that my WAN interface uses PPPoE and this would fail after 3-4 days and I would need to reboot pfSense.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post