问题
I can't seem to find the answer to this issue. A lot of topics exist for similar errors but they are all Linux based.
The issue I'm having is that when attempting to run Snort (snort.exe -v -I), it will capture nothing but I assume this is because I have not set an interface. After running snort.exe -W, I found the interface to use and specified this in the command line but I get the following error - ERROR: Can't set DAQ BPF filter to '2'.
I skipped past this error briefly to try and test Snort with -T and -c to specify the config file but it gives the following error - Missing/incorrect dynamic engine lib specifier. I located this line in the config file and changed it from /usr/local/snort_dynamicengine/libsf_engine.so to c:\Snort\lib\snort_dynamicengine\sf_engine.dll (the correct path and file name) but the error remains.
I remember installing Snort on a Windows Server 2012 deployment a couple of months back with no issues at all.
Any idea what is causing this error?
NOTE: I've also corrected the other paths i.e. rules.
回答1:
I just had also the Problem, and solve it delete a single /
ERROR:: c:\snort\etc\snort.conf (246) Missing/incorrect dynamic engine lib specifie.
So i edit:
dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor\ <---*
This "\" was wrong
回答2:
I know the answer is late, but still, I just ran into this issue and I think a valid answer should be provided. Anyways, the problem is based on paths, all of the snort.conf file are paths relative to linux specific locations. So that's problem number one, the second problem comes with snort parsing whatever path you give it in the -c option and prepending it to all the rules path (I know, weird) this should not happen if you (and most windows users) use absolute paths. So the solution I came up with is:
PLEASE NOTE, every single path is wrong, the following snippet only helps you to advance one step, after this, you need to correct all the file paths.
In your snort.conf file (usually c:\snort\etc\snort.conf)
###################################################
# Step #4: Configure dynamic loaded libraries.
# For more information, see Snort Manual, Configuring Snort - Dynamic Modules
###################################################
# path to dynamic preprocessor libraries
dynamicpreprocessor directory C:\Snort\lib\snort_dynamicpreprocessor
# path to base preprocessor engine
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll
# path to dynamic rules libraries
# dynamicdetection directory /usr/local/lib/snort_dynamicrules
回答3:
Rule to Remember
Always use a proper text editor to edit config file like this because some time when you copy and paste code in notepad and edit so some extra spaces added into the text which cause increase in bytes or altering the code statements. Good thing is some editors provide proper line number so you can easily navigate to the error show by snort in command prompt.
Solution
In My Scenario
due to this
this is because some spaces were added after
leaving the code statement on the next line which is not correct and this will be read during execution of snort because this IS NO LONGER A COMMENT since >you took it out from comment section which is marked as # (per line)this is due to white spaces added when you copy and paste code in some poor editors.
After Removing white space
Finally dynamic engine line should look like this to make it work
来源:https://stackoverflow.com/questions/37561892/snort-dynamic-engine-issues-on-windows