[Oisf-users] Getting error when running Suricata

Leonard Jacobs ljacobs at netsecuris.com
Sat Dec 2 00:45:00 UTC 2017 

All I had to do is copy ./usr/local/lib/x86_64-linux-gnu/libhs.so.4 /usr/lib/x86_64-linux-gnu/ then ran sudo ldconfig for good measure.  Now suricata runs.  Build-info says that hyperscan is compiled in.

Thanks to all.


 From:   jason taylor <jtfas90 at gmail.com> 
 To:   Leonard Jacobs <ljacobs at netsecuris.com>, Jeremy MJ <jskier at gmail.com> 
 Cc:   Open Information Security Foundation <oisf-users at lists.openinfosecfoundation.org> 
 Sent:   11/30/2017 9:08 PM 
 Subject:   Re: [Oisf-users] Getting error when running Suricata 

Response inline. 
 
JT 
 
On Thu, 2017-11-30 at 20:57 -0600, Leonard Jacobs wrote: 
>         linux-vdso.so.1 =>  (0x00007ffccef4f000) 
>         libhtp.so.2 => /usr/lib/libhtp.so.2 (0x00007f09721ad000) 
>         librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 
> (0x00007f0971fa5000) 
>         libGeoIP.so.1 => /usr/lib/x86_64-linux-gnu/libGeoIP.so.1 
> (0x00007f0971d76000) 
>         libluajit-5.1.so.2 => /usr/local/lib/libluajit-5.1.so.2 
> (0x00007f0971b06000) 
>         libmagic.so.1 => /usr/lib/x86_64-linux-gnu/libmagic.so.1 
> (0x00007f09718ea000) 
>         libcap-ng.so.0 => /usr/lib/x86_64-linux-gnu/libcap-ng.so.0 
> (0x00007f09716e5000) 
>         libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 
> (0x00007f09714a7000) 
>         libnet.so.1 => /usr/lib/x86_64-linux-gnu/libnet.so.1 
> (0x00007f097128e000) 
>         libnetfilter_queue.so.1 => /usr/lib/x86_64-linux- 
> gnu/libnetfilter_queue.so.1 (0x00007f0971087000) 
>         libnfnetlink.so.0 => /usr/lib/x86_64-linux- 
> gnu/libnfnetlink.so.0 (0x00007f0970e80000) 
>         libjansson.so.4 => /usr/lib/x86_64-linux-gnu/libjansson.so.4 
> (0x00007f0970c74000) 
>         libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 
> (0x00007f0970a56000) 
>         libyaml-0.so.2 => /usr/lib/x86_64-linux-gnu/libyaml-0.so.2 
> (0x00007f0970836000) 
>         libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 
> (0x00007f09705f8000) 
>         libhs.so.4 => not found 
Here we are, as Jeremy mentioned, suricata isn't able to find the 
libhs.so.4 library. 
 
A couple of options: 
 
1. as root run ldconfig then try and relaunch suricata. If that doesn't 
work, try: 
 
2. remove and rebuild hyperscan and specify the lib directory you want 
(likely something like /usr/lib/x86_64-linux/gnu judging from the other 
library locations) 
 
3. a slight variation on what Jeremy suggested earlier is to try a 
symlink of /usr/local/lib/x86_64-linux-gnu/libhs.so.4 in 
/usr/lib/x86_64-linux-gnu/, run ldconfig, try launching suricata 
 
>         libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 
> (0x00007f097022f000) 
>         libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 
> (0x00007f0970016000) 
>         libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 
> (0x00007f096fd10000) 
>         libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 
> (0x00007f096fb0c000) 
>         libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 
> (0x00007f096f8f6000) 
>         /lib64/ld-linux-x86-64.so.2 (0x00007f09723cc000) 
>         libmnl.so.0 => /usr/lib/x86_64-linux-gnu/libmnl.so.0 
> (0x00007f096f6f1000) 
>  
>  
> From: Jeremy MJ <jskier at gmail.com>  
> To: Leonard Jacobs <ljacobs at netsecuris.com>  
> Cc: Jason Taylor <jtfas90 at gmail.com>, Open Information Security 
> Foundation <oisf-users at lists.openinfosecfoundation.org>  
> Sent: 11/30/2017 8:41 PM  
> Subject: Re: [Oisf-users] Getting error when running Suricata  
>  
> > Interesting it compiled from source, but I think it's looking for 
> > the lib in the wrong place after installing on your Ubuntu system 
> > (perhaps something went wonky after make install). If you're able 
> > to share the configure options you used, this would help 
> > troubleshoot too. I typically don't work much with Ubuntu, but 
> > shouldn't libhs be in /usr/lib? If it's a non-production 
> > environment, a copy of the file over to that directory to see if it 
> > alleviates the problem would confirm this. 
> >  
> > Re ldd. Try this: ldd /usr/bin/surictata 
> > Or wherever the full path is to the surictata binary. This would be 
> > the same thing the which command would return for ldd to check. It 
> > should list shared libraries the binary uses with their respective 
> > paths. 
> >  
> > Jeremy 
> >  
> >  
> > On Nov 30, 2017 7:36 PM, "Leonard Jacobs" <ljacobs at netsecuris.com> 
> > wrote: 
> > > Ubuntu 16.04 
> > > Compiled Suricata after installing Hyperscan. 
> > > I followed the instructions in documentation. 
> > >  
> > > Give me specifically what you want with ldd.  Better Example? 
> > >  
> > > I have installed Suricata numerous times but never had this 
> > > problem.  Can't even run suricata --build-info without error.  
> > > After running ./configure I saw that Hyperscan was enabled. 
> > >  
> > > From: Jason Taylor <jtfas90 at gmail.com>  
> > > To: Leonard Jacobs <ljacobs at netsecuris.com>  
> > > Cc: <oisf-users at lists.openinfosecfoundation.org>  
> > > Sent: 11/30/2017 6:40 PM  
> > > Subject: Re: [Oisf-users] Getting error when running Suricata  
> > >  
> > > > Hi Leonard, 
> > > >  
> > > > What OS is this running on?  
> > > >  
> > > > How did suricata get installed? 
> > > >  
> > > > How did hyperscan get installed? 
> > > >  
> > > > Can you post the output of  'ldd $(which suricata)' ? 
> > > >  
> > > > Thanks! 
> > > >  
> > > > JT 
> > > >  
> > > > On Nov 30, 2017 19:10, "Leonard Jacobs" <ljacobs at netsecuris.com 
> > > > > wrote: 
> > > > > I am getting the following error when running anything with 
> > > > > suricata.  I am not sure what it means.  I can see libhs.so.4 
> > > > > file in /usr/local/lib/x86_64-linux-gnu/ directory. 
> > > > >  
> > > > > suricata: error while loading shared libraries: libhs.so.4: 
> > > > > cannot open shared object file: No such file or directory 
> > > > >  
> > > > >  
> > > > > _______________________________________________ 
> > > > > Suricata IDS Users mailing list: oisf-users at openinfosecfounda 
> > > > > tion.org 
> > > > > Site: http://suricata-ids.org | Support: http://suricata-ids. 
> > > > > org/support/ 
> > > > > List: https://lists.openinfosecfoundation.org/mailman/listinf 
> > > > > o/oisf-users 
> > > > >  
> > > > > Conference: https://suricon.net 
> > > > > Trainings: https://suricata-ids.org/training/ 
> > >  
> > > _______________________________________________ 
> > > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation 
> > > .org 
> > > Site: http://suricata-ids.org | Support: http://suricata-ids.org/ 
> > > support/ 
> > > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oi 
> > > sf-users 
> > >  
> > > Conference: https://suricon.net 
> > > Trainings: https://suricata-ids.org/training/ 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171201/ce6b47ed/attachment.html>

More information about the Oisf-users mailing list