[Oisf-users] Getting error when running Suricata

Leonard Jacobs ljacobs at netsecuris.com
Fri Dec 1 02:57:35 UTC 2017 

        linux-vdso.so.1 =>  (0x00007ffccef4f000)
        libhtp.so.2 => /usr/lib/libhtp.so.2 (0x00007f09721ad000)
        librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f0971fa5000)
        libGeoIP.so.1 => /usr/lib/x86_64-linux-gnu/libGeoIP.so.1 (0x00007f0971d76000)
        libluajit-5.1.so.2 => /usr/local/lib/libluajit-5.1.so.2 (0x00007f0971b06000)
        libmagic.so.1 => /usr/lib/x86_64-linux-gnu/libmagic.so.1 (0x00007f09718ea000)
        libcap-ng.so.0 => /usr/lib/x86_64-linux-gnu/libcap-ng.so.0 (0x00007f09716e5000)
        libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007f09714a7000)
        libnet.so.1 => /usr/lib/x86_64-linux-gnu/libnet.so.1 (0x00007f097128e000)
        libnetfilter_queue.so.1 => /usr/lib/x86_64-linux-gnu/libnetfilter_queue.so.1 (0x00007f0971087000)
        libnfnetlink.so.0 => /usr/lib/x86_64-linux-gnu/libnfnetlink.so.0 (0x00007f0970e80000)
        libjansson.so.4 => /usr/lib/x86_64-linux-gnu/libjansson.so.4 (0x00007f0970c74000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f0970a56000)
        libyaml-0.so.2 => /usr/lib/x86_64-linux-gnu/libyaml-0.so.2 (0x00007f0970836000)
        libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f09705f8000)
        libhs.so.4 => not found
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f097022f000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f0970016000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f096fd10000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f096fb0c000)
        libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f096f8f6000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f09723cc000)
        libmnl.so.0 => /usr/lib/x86_64-linux-gnu/libmnl.so.0 (0x00007f096f6f1000)



 From:   Jeremy MJ <jskier at gmail.com> 
 To:   Leonard Jacobs <ljacobs at netsecuris.com> 
 Cc:   Jason Taylor <jtfas90 at gmail.com>, Open Information Security Foundation <oisf-users at lists.openinfosecfoundation.org> 
 Sent:   11/30/2017 8:41 PM 
 Subject:   Re: [Oisf-users] Getting error when running Suricata 



Interesting it compiled from source, but I think it's looking for the lib in the wrong place after installing on your Ubuntu system (perhaps something went wonky after make install). If you're able to share the configure options you used, this would help troubleshoot too. I typically don't work much with Ubuntu, but shouldn't libhs be in /usr/lib? If it's a non-production environment, a copy of the file over to that directory to see if it alleviates the problem would confirm this.


Re ldd. Try this: ldd /usr/bin/surictata
Or wherever the full path is to the surictata binary. This would be the same thing the which command would return for ldd to check. It should list shared libraries the binary uses with their respective paths.


Jeremy



On Nov 30, 2017 7:36 PM, "Leonard Jacobs" <ljacobs at netsecuris.com> wrote:

Ubuntu 16.04
Compiled Suricata after installing Hyperscan.
I followed the instructions in documentation.

Give me specifically what you want with ldd.  Better Example?

I have installed Suricata numerous times but never had this problem.  Can't even run suricata --build-info without error.  After running ./configure I saw that Hyperscan was enabled.


 From:   Jason Taylor <jtfas90 at gmail.com> 
 To:   Leonard Jacobs <ljacobs at netsecuris.com> 
 Cc:   <oisf-users at lists.openinfosecfoundation.org> 
 Sent:   11/30/2017 6:40 PM 

 Subject:   Re: [Oisf-users] Getting error when running Suricata 




Hi Leonard,


What OS is this running on? 


How did suricata get installed?


How did hyperscan get installed?


Can you post the output of  'ldd $(which suricata)' ?


Thanks!


JT



On Nov 30, 2017 19:10, "Leonard Jacobs" <ljacobs at netsecuris.com> wrote:

I am getting the following error when running anything with suricata.  I am not sure what it means.  I can see libhs.so.4 file in /usr/local/lib/x86_64-linux-gnu/ directory.

suricata: error while loading shared libraries: libhs.so.4: cannot open shared object file: No such file or directory


_______________________________________________
 Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
 Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
 List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
 
 Conference: https://suricon.net
 Trainings: https://suricata-ids.org/training/

 
_______________________________________________
 Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
 Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
 List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
 
 Conference: https://suricon.net
 Trainings: https://suricata-ids.org/training/

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171130/98efc817/attachment-0002.html>

More information about the Oisf-users mailing list