DaemonForums  

  #1
28th June 2015
Peter_APIIT
Shell Scout

Join Date: Jun 2008
Posts: 121
Snort Daemon not running

Dear All,

I'm using OpenBSD 5.7 and have installed Snort from packages, but errors are displayed when I execute snort. This error occurred with the default configuration; I did not even edit/change any configuration in snort.

Quote:
    Can't load library liblzma.s0.2.0

I did some research regarding this shared library; it is the lzma compression library. I also installed lzlib from packages, but it does not seem to be working. What packages do I need to install? Thanks.

Last edited by Peter_APIIT; 28th June 2015 at 07:28 AM. Reason: Added clarification of problem
  #2
28th June 2015
ocicat
Administrator

Join Date: Apr 2008
Posts: 3,306

Quote (originally posted by Peter_APIIT):
    I'm using OpenBSD 5.7...

You have not disclosed which flavor of OpenBSD is installed. Please provide the output of the command:

$ sysctl kern.version

Providing the output of dmesg(8) gives us the same information.

Assuming this is -release, have you installed archivers/xz as was suggested to you on misc@?

http://marc.info/?t=143539318000002&r=1&w=2

Last edited by ocicat; 28th June 2015 at 10:25 AM. Reason: corrected grammar
  #3
28th June 2015
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,033
Two step-by-step "How To" guides for Peter

How to post your dmesg online

Step 1. Put the dmesg in a file, or use the file created for you by OpenBSD during normal boot.
  • If the system is only able to run in single-user mode, pipe the output of dmesg(8) to a file.

    $ dmesg > /path/to/your/file
  • If the system is running in multi-user mode -- a normal boot process has completed -- you may use the copy of your dmesg created for you during boot: /var/run/dmesg.boot
Step 2. Post your dmesg file.
  • If you use the OpenBSD system as a graphical workstation, post the file contents via copy/paste from a visual editor into a browser.
  • If you are using a different system to post, copy the file to the system you post with.

    Here is step by step guidance to using a standard, MS-DOS (FAT) formatted USB stick to post a copy of your dmesg. These are globally available, and all that I have ever seen are already formatted in FAT format by the manufacturer for use in Windows systems.
    • Insert the USB stick into the OpenBSD system. Kernel console messages will appear, indicating the sd(4) device number assigned to the newly inserted stick. This will be sd0, or sd1, or sd2...or some other number. Note the number.
    • Mount the MS-DOS (FAT) partition, which is automatically assigned disklabel partition "i" on OpenBSD. Choose a convenient mount point. In this example, I have chosen /mnt and I will assume the sd(4) device number is sd9. Use the number that appeared on your console when you inserted the device. NOTE: You will need to issue this command as the superuser, so the prompt below uses "#" instead of "$" as an indicator of this requirement.

      # mount /dev/sd9i /mnt
    • Copy the dmesg file to the USB stick. As above, you'll need to do so as the superuser.

      # cp /var/run/dmesg.boot /mnt/my.first.dmesg
    • Unmount the USB stick. This too, requires the superuser.

      # umount /mnt
    • Remove the stick, and insert it into the system you post from. If that system is Windows, you can copy/paste from this file by opening it with Microsoft's built-in program Wordpad, since the file is from a Unix-like system and does not have CR/LF characters to denote end-of-line as a true MS-DOS text file does. If you add ".wri" to the file name you use on the USB stick, Wordpad will be automatically used to open the file when you double click on the file from Windows Explorer.

How to participate on an OpenBSD mailing list

You have never replied (publicly) to any answers or follow-up questions you have received to questions you have posted on the misc@ mailing list, and based on this thread, it is not clear you have ever seen any of those replies to your questions.

Step 1. Subscribe before you post.

This way, you will receive Email even if a reply is sent only to the list, and not to you directly. There are two ways to subscribe to a list. You can send a structured Email to majordomo@, or you can use the majordomo Web portal. Both methods are described in www.openbsd.org/mail.html, the project's web page on mailing lists.

Step 2. Communicate.

Reply publicly to questions or guidance you receive publicly. It's considered impolite to ignore these attempts to help you.
  • If a follow-up question to you is published to the list, reply to the list. Do this even if the reply was also sent to you privately (e.g. the person used "reply all" from their Email program).
  • Reply privately to questions or guidance you receive privately. Do not post their Email to the list; it was sent to you privately and you do not have the sender's permission to post their content publicly.
Step 3. Provide the information requested.

People who ask questions of you are trying to help you. Answer as best you can. When they ask for a dmesg ... provide one. Better still, provide a dmesg before they ask ... so they don't have to request it of you.

Last edited by jggimi; 28th June 2015 at 01:45 PM. Reason: formatting, one typo, some clarity
  #4
29th June 2015
Peter_APIIT
Shell Scout

Join Date: Jun 2008
Posts: 121

Problem solved after installing the xz packages. Thank you very much.

There is another problem:
I cannot run snort in inline mode with daq afpacket with Snort 2.9.7 installed from packages.
I checked the daq dir and there is no afpacket shared library at /usr/local/lib/daq.

How do I enable the afpacket configuration?

Last edited by Peter_APIIT; 29th June 2015 at 01:40 PM. Reason: Added questions.
  #5
29th June 2015
ocicat
Administrator

Join Date: Apr 2008
Posts: 3,306

Quote (originally posted by Peter_APIIT):
    Problem solved after installing the xz packages.

It is unclear from the lack of disclosed information whether you have mixed -current packages with a -release installation. As is discussed in Section 15.4.1 of the FAQ, mismatching packages to the base installation can lead to undefined behavior.

This practice is unsupported.

Until you disclose the version information which has been repeatedly requested, the state of your system is unknown, & it is a waste of everyone's time (including your own...) to continually ignore this potential problem.

Quote:
    There is another problem.

This thread was about starting Snort. Discussing other Snort issues should go into separate threads.

However, I will repeat that it is unclear from what little information has been presented thus far whether you are dealing with an unsupported configuration.

Please provide the entire output of dmesg(8).

Last edited by ocicat; 29th June 2015 at 03:07 PM. Reason: correct grammar...
  #6
29th June 2015
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,033

Quote (originally posted by ocicat):
    It is unclear from the lack of disclosed information whether you have mixed -current packages with a -release installation...

For readers here not following the misc@ thread, Peter had disclosed he was using 5.7 with a -current version of Snort.

Quote:
    Please provide the entire output of dmesg(8).

I'll add that for clarity, I would like to see the complete output of $ pkg_info -q to confirm whether there is an out-of-sync condition that needs to be corrected.

Peter, please use the step-by-step instructions I provided in this thread to copy/paste your dmesg and package list into a reply.

If there is any confusion about any of the instructions, please ask. We need clear and unambiguous confirmation that you are running an undamaged system. I sent you a PM earlier today with steps to repair the system if it is damaged.

---

To use Snort on this OS, you must properly configure the DAQ library.
  • Since you have not provided command lines used or the resulting output, we do not know if you have configured DAQ correctly.
  • It is possible you are using the DAQ library correctly, and the problems you are now experiencing are due to having -current packages on a -release system.
As mentioned in the misc@ thread, DAQ is configured for you if you use the provided daemon management script for operating Snort as an NIDS. For manual execution of Snort, you must use the -c or --daq-dir options on your command lines. A link to further discussion with example command lines was in that misc@ posting ... perhaps you missed the link.

If it appears we are not answering your questions or answering the wrong questions, it is because we are missing information which only you can provide.

---

Application-specific questions about Snort should be directed to the support channels provided by Cisco Systems (who own the Snort software development company Sourcefire) and the Snort community:

https://www.snort.org/faq/how-do-i-s...ns-about-snort

Last edited by jggimi; 29th June 2015 at 05:34 PM. Reason: clarity on DAQ requirements, information gathering, and communication
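The checks the replies above ask for (base flavor from `sysctl kern.version`, the `pkg_info -q` package list, and the contents of the DAQ directory), gathered into one script as an added example that is not part of any post in this thread. The function names and the `daq_<name>.so` module file naming are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# flavor_of TEXT: classify `sysctl kern.version` output by the tag after
# the version number: release (no tag), stable, current, beta, or unknown.
flavor_of() {
    tag=$(printf '%s\n' "$1" |
        sed -n '1s/^.*OpenBSD \([0-9][0-9.]*[^ ]*\) (.*$/\1/p')
    case "$tag" in
        "")        echo unknown ;;
        *-current) echo current ;;
        *-stable)  echo stable ;;
        *-beta)    echo beta ;;
        *-*)       echo unknown ;;
        *)         echo release ;;
    esac
}

# pkg_installed LIST STEM: true if `pkg_info -q` output LIST has a line
# "STEM-<version>", such as xz-5.2.0.
pkg_installed() {
    printf '%s\n' "$1" | grep -q "^$2-[0-9]"
}

# daq_modules DIR: print DAQ module names found in DIR. Assumption: modules
# are files named daq_<name>.so.
daq_modules() {
    for f in "$1"/daq_*.so; do
        [ -e "$f" ] || continue
        n=${f##*/daq_}
        echo "${n%.so}"
    done
}

# preflight KERN PKGS DAQDIR MODULE: print findings; fail if any check fails.
preflight() {
    rc=0
    echo "base flavor: $(flavor_of "$1")"
    for p in snort xz; do            # the two packages this thread is about
        pkg_installed "$2" "$p" || { echo "package not installed: $p"; rc=1; }
    done
    daq_modules "$3" | grep -qx "$4" ||
        { echo "no DAQ module '$4' in $3"; rc=1; }
    return "$rc"
}

# On the OpenBSD host (script saved under any name, here preflight.sh):
#   sh preflight.sh "$(sysctl kern.version)" "$(pkg_info -q)" /usr/local/lib/daq MODULE
if [ $# -eq 4 ]; then preflight "$@"; fi
```

A flavor other than release or stable, or a package line missing from the list, is the out-of-sync condition the replies are trying to rule out before looking at Snort itself.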
  #7
30th June 2015
Peter_APIIT
Shell Scout

Join Date: Jun 2008
Posts: 121

First of all, it was a typo when I mentioned mixing a release base installation with current packages.

Let me clarify once again: OpenBSD 5.7 official release, with snort-2.9.7.0 and xz-5.2.0 installed.
The Snort and xz packages were obtained from the official OpenBSD 5.7 packages mirror system, and I did not install those packages from the ports tree or tar sources.

The above information was obtained by issuing the pkg_info -qm command.

Thanks for the clarification.

Last edited by Peter_APIIT; 30th June 2015 at 12:31 PM.
  #8
30th June 2015
ocicat
Administrator

Join Date: Apr 2008
Posts: 3,306

Quote (originally posted by Peter_APIIT):
    First of all, it was a typo when I mentioned mixing a release base installation with current packages.

Please provide the complete output of dmesg(8).