[Oisf-users] Getting error when running Suricata
Leonard Jacobs
ljacobs at netsecuris.com
Sat Dec 2 00:45:00 UTC 2017
All I had to do is copy ./usr/local/lib/x86_64-linux-gnu/libhs.so.4 /usr/lib/x86_64-linux-gnu/ then ran sudo ldconfig for good measure. Now suricata runs. Build-info says that hyperscan is compiled in.
Thanks to all.
From: jason taylor <jtfas90 at gmail.com>
To: Leonard Jacobs <ljacobs at netsecuris.com>, Jeremy MJ <jskier at gmail.com>
Cc: Open Information Security Foundation <oisf-users at lists.openinfosecfoundation.org>
Sent: 11/30/2017 9:08 PM
Subject: Re: [Oisf-users] Getting error when running Suricata
Response inline.
JT
On Thu, 2017-11-30 at 20:57 -0600, Leonard Jacobs wrote:
> linux-vdso.so.1 => (0x00007ffccef4f000)
> libhtp.so.2 => /usr/lib/libhtp.so.2 (0x00007f09721ad000)
> librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1
> (0x00007f0971fa5000)
> libGeoIP.so.1 => /usr/lib/x86_64-linux-gnu/libGeoIP.so.1
> (0x00007f0971d76000)
> libluajit-5.1.so.2 => /usr/local/lib/libluajit-5.1.so.2
> (0x00007f0971b06000)
> libmagic.so.1 => /usr/lib/x86_64-linux-gnu/libmagic.so.1
> (0x00007f09718ea000)
> libcap-ng.so.0 => /usr/lib/x86_64-linux-gnu/libcap-ng.so.0
> (0x00007f09716e5000)
> libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
> (0x00007f09714a7000)
> libnet.so.1 => /usr/lib/x86_64-linux-gnu/libnet.so.1
> (0x00007f097128e000)
> libnetfilter_queue.so.1 => /usr/lib/x86_64-linux-
> gnu/libnetfilter_queue.so.1 (0x00007f0971087000)
> libnfnetlink.so.0 => /usr/lib/x86_64-linux-
> gnu/libnfnetlink.so.0 (0x00007f0970e80000)
> libjansson.so.4 => /usr/lib/x86_64-linux-gnu/libjansson.so.4
> (0x00007f0970c74000)
> libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
> (0x00007f0970a56000)
> libyaml-0.so.2 => /usr/lib/x86_64-linux-gnu/libyaml-0.so.2
> (0x00007f0970836000)
> libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3
> (0x00007f09705f8000)
> libhs.so.4 => not found
Here we are, as Jeremy mentioned, suricata isn't able to find the
libhs.so.4 library.
A couple of options:
1. as root run ldconfig then try and relaunch suricata. If that doesn't
work, try:
2. remove and rebuild hyperscan and specify the lib directory you want
(likely something like /usr/lib/x86_64-linux/gnu judging from the other
library locations)
3. a slight variation on what Jeremy suggested earlier is to try a
symlink of /usr/local/lib/x86_64-linux-gnu/libhs.so.4 in
/usr/lib/x86_64-linux-gnu/, run ldconfig, try launching suricata
> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
> (0x00007f097022f000)
> libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1
> (0x00007f0970016000)
> libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6
> (0x00007f096fd10000)
> libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2
> (0x00007f096fb0c000)
> libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1
> (0x00007f096f8f6000)
> /lib64/ld-linux-x86-64.so.2 (0x00007f09723cc000)
> libmnl.so.0 => /usr/lib/x86_64-linux-gnu/libmnl.so.0
> (0x00007f096f6f1000)
>
>
> From: Jeremy MJ <jskier at gmail.com>
> To: Leonard Jacobs <ljacobs at netsecuris.com>
> Cc: Jason Taylor <jtfas90 at gmail.com>, Open Information Security
> Foundation <oisf-users at lists.openinfosecfoundation.org>
> Sent: 11/30/2017 8:41 PM
> Subject: Re: [Oisf-users] Getting error when running Suricata
>
> > Interesting it compiled from source, but I think it's looking for
> > the lib in the wrong place after installing on your Ubuntu system
> > (perhaps something went wonky after make install). If you're able
> > to share the configure options you used, this would help
> > troubleshoot too. I typically don't work much with Ubuntu, but
> > shouldn't libhs be in /usr/lib? If it's a non-production
> > environment, a copy of the file over to that directory to see if it
> > alleviates the problem would confirm this.
> >
> > Re ldd. Try this: ldd /usr/bin/surictata
> > Or wherever the full path is to the surictata binary. This would be
> > the same thing the which command would return for ldd to check. It
> > should list shared libraries the binary uses with their respective
> > paths.
> >
> > Jeremy
> >
> >
> > On Nov 30, 2017 7:36 PM, "Leonard Jacobs" <ljacobs at netsecuris.com>
> > wrote:
> > > Ubuntu 16.04
> > > Compiled Suricata after installing Hyperscan.
> > > I followed the instructions in documentation.
> > >
> > > Give me specifically what you want with ldd. Better Example?
> > >
> > > I have installed Suricata numerous times but never had this
> > > problem. Can't even run suricata --build-info without error.
> > > After running ./configure I saw that Hyperscan was enabled.
> > >
> > > From: Jason Taylor <jtfas90 at gmail.com>
> > > To: Leonard Jacobs <ljacobs at netsecuris.com>
> > > Cc: <oisf-users at lists.openinfosecfoundation.org>
> > > Sent: 11/30/2017 6:40 PM
> > > Subject: Re: [Oisf-users] Getting error when running Suricata
> > >
> > > > Hi Leonard,
> > > >
> > > > What OS is this running on?
> > > >
> > > > How did suricata get installed?
> > > >
> > > > How did hyperscan get installed?
> > > >
> > > > Can you post the output of 'ldd $(which suricata)' ?
> > > >
> > > > Thanks!
> > > >
> > > > JT
> > > >
> > > > On Nov 30, 2017 19:10, "Leonard Jacobs" <ljacobs at netsecuris.com
> > > > > wrote:
> > > > > I am getting the following error when running anything with
> > > > > suricata. I am not sure what it means. I can see libhs.so.4
> > > > > file in /usr/local/lib/x86_64-linux-gnu/ directory.
> > > > >
> > > > > suricata: error while loading shared libraries: libhs.so.4:
> > > > > cannot open shared object file: No such file or directory
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Suricata IDS Users mailing list: oisf-users at openinfosecfounda
> > > > > tion.org
> > > > > Site: http://suricata-ids.org | Support: http://suricata-ids.
> > > > > org/support/
> > > > > List: https://lists.openinfosecfoundation.org/mailman/listinf
> > > > > o/oisf-users
> > > > >
> > > > > Conference: https://suricon.net
> > > > > Trainings: https://suricata-ids.org/training/
> > >
> > > _______________________________________________
> > > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation
> > > .org
> > > Site: http://suricata-ids.org | Support: http://suricata-ids.org/
> > > support/
> > > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oi
> > > sf-users
> > >
> > > Conference: https://suricon.net
> > > Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171201/ce6b47ed/attachment.html>
More information about the Oisf-users
mailing list