Snort error on FreeBSD-9: Unknown preprocessor "ftp_telnet"

1

1

I've installed "Snort" on FreeBSD-9.1 (32-bit) from the standard ports using:

pkg_add -r snort

After configuring and running with:

snort -c /etc/snort/snort.conf -A full -u snort -g snort -i em1 -T

I'm getting this error:

ERROR: /etc/snort/snort.conf(337) Unknown preprocessor: "ftp_telnet".

Doing some search on the Internet, the only thing I found is that this could happen if I'm using a snort.conf with a different version from snort itself, but this is not my case. My snort version is:

 ,,_     -*> Snort! <*-
o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40) 
 ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
         Copyright (C) 1998-2012 Sourcefire, Inc., et al.
         Using libpcap version 1.3.0
         Using PCRE version: 8.31 2012-07-06
         Using ZLIB version: 1.2.7

and I'm using snortrules-snapshot-2931.tar.gz from snort.org.

I've had some previous experience installing and running snort on Linux and I never faced such errors, but I'm fairly new to BSD-UNIX.

Seyed Mohammad

Posted 2013-04-21T09:36:33.587

Reputation: 2 652

No one answered this question in a long time, and all my attempts failed to solve it and the importance of this has now passed for me ... But for anyone else who might face this issue, I think the cause of the problem is that I installed Snort from the ports ... I haven't tried it yet but my best guess is that if I try and install this from source, this problem won't show up ... So, in short: Try installing Snort from source and not from the ports. – Seyed Mohammad – 2013-05-03T13:05:44.043

Answers

1

It looks like "make install" didn't create the necessary sym links in

/usr/local/lib/snort_dynamicpreprocessor

Do the following and see if it fixes it.

cd /usr/local/lib/snort_dynamicpreprocessor

ln -s libsf_ftptelnet_preproc.so.0.0 libsf_ftptelnet_preproc.so
ln -s libsf_dcerpc_preproc.so.0.0 libsf_dcerpc_preproc.so
ln -s libsf_smtp_preproc.so.0.0 libsf_smtp_preproc.so
ln -s libsf_dns_preproc.so.0.0 libsf_dns_preproc.so
ln -s libsf_ssh_preproc.so.0.0 libsf_ssh_preproc.so

Pouya

Posted 2013-04-21T09:36:33.587

Reputation: 13

0

On CentOS7 I see same error, I found this line isn't correct dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ the correct path is dynamicpreprocessor directory /usr/lib64/snort-2.9.8.3_dynamicpreprocessor/ and 

# path to base preprocessor engine
dynamicengine /usr/local/lib64/snort-2.9.8.3_dynamicengine/libsf_engine.so

Pouya

Posted 2013-04-21T09:36:33.587

Reputation: 13

0

No one answered this question in a long time, and all my attempts failed to solve it and the importance of this has now passed for me ... But for anyone else who might face this issue, I think the cause of the problem is that I installed Snort from the ports ... I haven't tried it yet but my best guess is that if I try and install this from source, this problem won't show up.

So, in short: Try installing Snort from source and not from the ports. Here is a useful link on installing Snort from source on FreeBSD-9:

Seyed Mohammad

Posted 2013-04-21T09:36:33.587

Reputation: 2 652

Asked: 2013-04-21T09:36:33.587

Viewed: 1 713 times

Active: 2019-10-23T06:23:22.440