Actions
Bug #6736
closed
Snort fails to start after upgrade to 2.3.2-RELEASE
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Snort
Target version:
-
Start date:
08/22/2016
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
2.3.2
Affected Plus Version:
Affected Architecture:
amd64
Description
After upgrading to 2.3.2-Release from 2.3.1-5 snort fails to start with a FATAL error: Aug 22 11:20:01 pfSense snort12846: FATAL ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.
The full output of snort -T -c snort.conf is as follows:
Running in Test mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "snort.conf"
PortVar 'DNS_PORTS' defined : [ 53 ]
PortVar 'SMTP_PORTS' defined : [ 25 ]
PortVar 'MAIL_PORTS' defined : [ 25 465 587 691 ]
PortVar 'HTTP_PORTS' defined : [ 36 80:90 311 383 591 593 631 901 1220 1414 1533 1741 1830 2301 2381 2809 3037 3057 3128 3443 3702 4343 4848 5250 6080 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999:10000 11371 15489 29991 33300 34412 34443:34444 41080 44440 50000 50002 51423 55555 56712 ]
PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
PortVar 'MSSQL_PORTS' defined : [ 1433 ]
PortVar 'TELNET_PORTS' defined : [ 23 ]
PortVar 'SNMP_PORTS' defined : [ 161 ]
PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'POP2_PORTS' defined : [ 109 ]
PortVar 'POP3_PORTS' defined : [ 110 ]
PortVar 'IMAP_PORTS' defined : [ 143 ]
PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
PortVar 'AUTH_PORTS' defined : [ 113 ]
PortVar 'FINGER_PORTS' defined : [ 79 ]
PortVar 'IRC_PORTS' defined : [ 6665:6669 7000 ]
PortVar 'SMB_PORTS' defined : [ 139 445 ]
PortVar 'NNTP_PORTS' defined : [ 119 ]
PortVar 'RLOGIN_PORTS' defined : [ 513 ]
PortVar 'RSH_PORTS' defined : [ 514 ]
PortVar 'SSL_PORTS' defined : [ 443 465 563 636 989 992:995 7801:7802 7900:7920 ]
PortVar 'FILE_DATA_PORTS' defined : [ 36 80:90 110 143 311 383 591 593 631 901 1220 1414 1533 1741 1830 2301 2381 2809 3037 3057 3128 3443 3702 4343 4848 5250 6080 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999:10000 11371 15489 29991 33300 34412 34443:34444 41080 44440 50000 50002 51423 55555 56712 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'SUN_RPC_PORTS' defined : [ 111 32770:32779 ]
PortVar 'DCERPC_NCACN_IP_TCP' defined : [ 139 445 ]
PortVar 'DCERPC_NCADG_IP_UDP' defined : [ 138 1024:65535 ]
PortVar 'DCERPC_NCACN_IP_LONG' defined : [ 135 139 445 593 1024:65535 ]
PortVar 'DCERPC_NCACN_UDP_LONG' defined : [ 135 1024:65535 ]
PortVar 'DCERPC_NCACN_UDP_SHORT' defined : [ 135 593 1024:65535 ]
PortVar 'DCERPC_NCACN_TCP' defined : [ 2103 2105 2107 ]
PortVar 'DCERPC_BRIGHTSTORE' defined : [ 6503:6504 ]
PortVar 'DNP3_PORTS' defined : [ 20000 ]
PortVar 'MODBUS_PORTS' defined : [ 502 ]
PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ]
Detection:
Search-Method = AC-BNFA-Q
Maximum pattern length = 20
Search-Method-Optimizations = enabled
Tagged Packet Limit: 256
Loading all dynamic engine libs from /usr/local/lib/snort_dynamicengine...
Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
Finished Loading all dynamic engine libs from /usr/local/lib/snort_dynamicengine
Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-ie.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/exploit-kit.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-executable.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-flash.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-image.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-java.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-multimedia.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-office.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-pdf.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/indicator-shellcode.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-cnc.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/netbios.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-linux.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-windows.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/policy-social.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/pua-p2p.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-dns.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-nntp.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-snmp.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-tftp.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-voip.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-apache.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-iis.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mail.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mysql.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-oracle.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-other.so... done
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-webapp.so... done
Finished Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules
Loading all dynamic preprocessor libs from /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor...
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_smtp_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_ssl_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_sip_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_ssh_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_dce2_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_dns_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_pop_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_imap_preproc.so... done
Loading dynamic preprocessor library /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor/libsf_appid_preproc.so... done
Finished Loading all dynamic preprocessor libs from /usr/local/etc/snort/snort_27581_pppoe0/snort_dynamicpreprocessor
ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/server-webapp.so" version 1.0 compiled with dynamic engine library version 2.4 isn't compatible with the current dynamic engine library "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.6.
Fatal Error, Quitting..Further investigation showed that the snort ruleset was not updated. FORCE UPDATING did update the ruleset and now everything is working fine.
Updated by 
Updated by 
Updated by
Actions