I upgraded my version of snort today to find it didn't load properly, due to the new dynamic preprocesors. Two issues here, and fixing both resolved the issue. 1. The dynamicplugin USE flag shoudl be enabled by default, as snort will nto start without this flag enabled (or I guess edits are made to snort.conf to eliminate all calls to this). Without this USE flag enabled this error shows in the logs: FATAL ERROR: /etc/snort/snort.conf(197) => Unknown rule type: dynamicpreprocessor 2. The default snort.conf points to an incorrect place (/usr/local instead of /usr) to load the dynamic engine. This error results: Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... FATAL ERROR: Failed to load /usr/local/lib/snort_dynamicengine/libsf_engine.so: /usr/local/lib/snort_dynamicengine/libsf_engine.so: cannot open shared object file: No such file or directory These two lines in snort.conf need to be changed to be: dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so Reproducible: Always Steps to Reproduce: 1. Install snort via the default useflags 2. /etc/init.d/snort start 3. This should result in an error Actual Results: See description Expected Results: See description See description
Thanks for the suggestions Mike. Both are included in snort-2.6.1.3-r1 as follows. 1. Took your later suggestion and commented out the config of dynamic processor if dynamicplugin was not selected. 2. Paths have been corrected. Hope this correct the previous faults for you.
