Snort fails to start, urgent!!!

Posted on 2022-09-18 04:48:03, 6700 characters, 11 views, 0 comments

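I have been trying to install Snort for almost 3 weeks now. MySQL, Apache and PHP are all installed correctly, and some basic libraries are installed too. But the Snort installation has problems. When I run /usr/local/snort/bin/snort -c /etc/snort/snort.conf the following problems appear (I am using snort-2[1].8.5.1.tar.gz and snortrules-snapshot-2[1].8.tar.gz). At first it was:
Detection: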
   Search-Method = AC-BNFA-Q
ERROR: /etc/snort/snort.conf(270) Config option "detection" can only be configured once.
Fatal Error, Quitting..
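I commented the line out as #config detection: max_queue_events 5 and continued testing;
this appeared:
dynamicdetection file /usr/local/lib/snort_dynamicrules/bad-traffic.so could not be found. I looked in the folder and, sure enough, bad-traffic.so and the whole series of .so files are not there, so I commented out all the dynamicdetection file /usr/local/lib/snort_dynamicrules/bad-traffic.so lines and continued testing;
this appeared: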
Warning: /etc/snort/dos.rules(5 => threshold (in rule) is deprecated; use detection_filter instead.
ERROR: /etc/snort/web-client.rules(186) : pcre compile of "<(?P<t>[A-Z]+\x3A)\s*[^>]+>.*<[A-Z]+\x3A\s*stroke\s+[^>]*src\s*=\s*(?P<q>\x22|\x27|)[\w\x25\x2D\x2E]+(?P=q)[^>]*>.*?<\x2F" failed at offset 3 : unrecognized character after (?
Fatal Error, Quitting..
So I commented out
#include $RULE_PATH/web-client.rules
and then this appeared:
Warning: /etc/snort/dos.rules(5 => threshold (in rule) is deprecated; use detection_filter instead.
ERROR: /etc/snort/mysql.rules(49) : pcre compile of "^.{4}\x03\s*SELECT\s+ExtractValue\s*\x28.*?\x2c\s*((\x22|\x27)?[0-9].*?|(?P<q1>(\x22|\x27)?)\x28.*?\x29(?P=q1)|.*?\x24\x40.*?|\x22.*?\x27.*?|\x27.*?\x22.*?)\s*\x29" failed at offset 74 :
unrecognized character after (?
Fatal Error, Quitting..
I then also commented out #include $RULE_PATH/mysql.rules
and this appeared:
Rule application order: activation->dynamic->pass->drop->alert->log
Verifying Preprocessor Configurations!
Warning: 'ignore_any_rules' option for Stream5 UDP disabled because of UDP rule
with flow or flowbits option
Warning: flowbits key 'smb.tree.create.sql.query' is set but not ever checked.
Warning: flowbits key 'Omniquad_IRC_InitConnection' is set but not ever checked.
Warning: flowbits key 'bit.3xBackdoorconnection' is set but not ever checked.
Warning: flowbits key 'CookieMonster_FileExplorer' is set but not ever checked.
Warning: flowbits key 'AM_Remote_Client' is set but not ever checked.
Warning: flowbits key 'svg_file.request' is set but not ever checked.
Warning: flowbits key 'ScreenControl_capture2213' is set but not ever checked.
Warning: flowbits key 'Backdoor.Bersek.Init' is set but not ever checked.
Warning: flowbits key 'Mantis_Notify2' is set but not ever checked.
Warning: flowbits key 'buttman.1' is set but not ever checked.
Warning: flowbits key 'outbreak_ring_stc' is set but not ever checked.
Warning: flowbits key 'snipernet' is set but not ever checked.
Warning: flowbits key 'Backdoor.Bersek.Remoteshell' is set but not ever checked.
Warning: flowbits key 'eot.download' is set but not ever checked.
Warning: flowbits key 'arj_file.request' is set but not ever checked.
Warning: flowbits key 'ReVerSaBle_ExecuteCommand' is set but not ever checked.
Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
Warning: flowbits key 'Backdoor.Apofis.Remotecontrol' is set but not ever checked.
Warning: flowbits key 'emf.request' is set but not ever checked.
Warning: flowbits key 'smalluploader_remotesh' is set but not ever checked.
Warning: flowbits key 'backup_file.request' is set but not ever checked.
Warning: flowbits key '4xm.request' is set but not ever checked.
Warning: flowbits key 'Evade_File_Manager1' is set but not ever checked.
Warning: flowbits key 'caff_request' is set but not ever checked.
Warning: flowbits key 'http.dxf' is set but not ever checked.
Warning: flowbits key 'Only1RAT_Control' is set but not ever checked.
Warning: flowbits key 'MinicomLite' is set but not ever checked.
Warning: flowbits key 'xspf_file.request' is set but not ever checked.
Warning: flowbits key 'http.quicktime' is checked but not ever set.
Warning: flowbits key 'trojan.delf.post' is set but not ever checked.
Warning: flowbits key 'PtakkS_Keepalive' is set but not ever checked.
Warning: flowbits key 'http.xls' is checked but not ever set.
340 out of 512 flowbits in use.
***
*** interface device lookup found: eth0
***
Initializing Network Interface eth0
Decoding Ethernet on interface eth0
database: mysql_error: Table 'mysql.sensor' doesn't exist
database: mysql_error: Table 'mysql.sensor' doesn't exist
SQL=INSERT INTO sensor (hostname, interface, detail, encoding, last_cid) VALUES
('2.0.0.0','eth0',1,0, 0)
database: mysql_error: Table 'mysql.sensor' doesn't exist
database: Problem obtaining SENSOR ID (sid) from mysql->sensor
ERROR:  When this plugin starts, a SELECT query is run to find the sensor id for the
currently running sensor. If the sensor id is not found, the plugin will run
an INSERT query to insert the proper data and generate a new sensor id. Then a
SELECT query is run to get the newly allocated sensor id. If that fails then
this error message is generated.

Some possible causes for this error are:
  * the user does not have proper INSERT or SELECT privileges
  * the sensor table does not exist

If you are _absolutely_ certain that you have the proper privileges set and
that your database structure is built properly please let me know if you
continue to get this error. You can contact me at (roman@danyliw.com).

Fatal Error, Quitting..
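At this point I don't know what to do. The material I read online makes it look so easy to get through, yet mine causes all this trouble. Is there something wrong with Snort itself, or is my installation wrong? My installation steps were as follows:
cd ..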
tar -zxvf pcre-8.00.tar.gz
cd pcre-8.00
./configure
make
make install

cd ..
mkdir /etc/snort
mkdir /var/log/snort
tar -zxvf snort-2[1].8.5.1.tar.gz
cd snort-2.8.5.1
./configure --with-mysql=/usr/local/mysql
make
make install

cd /etc/snort
tar -zxvf snortrules-snapshot-2[1].8.tar.gz -C /usr/local/tarballs/snort-2.8.5.1
cd /usr/local/tarballs/snort-2.8.5.1/rules
cp * /etc/snort/
cd ../etc
cp *.config /etc/snort/
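
An added example, not part of the original post: a small Python triage of the three fatal errors quoted above, run over lines copied from that startup output. The function name `triage` and the finding labels are assumptions of this example; each hint only restates what the error text itself shows (the rejected character after `(?`, and the database name in `'mysql.sensor'`).

```python
import re

# Lines copied from the startup output quoted in the post above.
SAMPLE = r'''ERROR: /etc/snort/snort.conf(270) Config option "detection" can only be configured once.
ERROR: /etc/snort/web-client.rules(186) : pcre compile of "<(?P<t>[A-Z]+\x3A)\s*[^>]+>.*<[A-Z]+\x3A\s*stroke\s+[^>]*src\s*=\s*(?P<q>\x22|\x27|)[\w\x25\x2D\x2E]+(?P=q)[^>]*>.*?<\x2F" failed at offset 3 : unrecognized character after (?
database: mysql_error: Table 'mysql.sensor' doesn't exist
database: mysql_error: Table 'mysql.sensor' doesn't exist
'''

DUP = re.compile(r'ERROR: (\S+)\((\d+)\) Config option "([^"]+)" can only be configured once')
PCRE = re.compile(r'ERROR: (\S+)\((\d+)\) : pcre compile of "(.*)" failed at offset (\d+)')
NOTABLE = re.compile(r"mysql_error: Table '([^'.]+)\.([^']+)' doesn't exist")


def triage(log):
    """Return a de-duplicated list of (kind, location, detail) findings."""
    findings = []
    for line in log.splitlines():
        if m := DUP.search(line):
            item = ("duplicate-config", f"{m[1]}:{m[2]}",
                    f'"{m[3]}" is set twice; keep one "config {m[3]}:" line')
        elif m := PCRE.search(line):
            pattern, off = m[3], int(m[4])
            # The reported offset is the character rejected after "(?".
            token = pattern[max(off - 2, 0):off + 1]
            why = ("named group (?P...) rejected: the PCRE library in use "
                   "lacks named-group support" if token == "(?P"
                   else f"rejected near {token!r}")
            item = ("pcre-compile", f"{m[1]}:{m[2]}", why)
        elif m := NOTABLE.search(line):
            db, table = m[1], m[2]
            note = f"database '{db}' has no '{table}' table (Snort schema not loaded)"
            if db == "mysql":
                # 'mysql' is MySQL's own system database, not a Snort one.
                note += "; 'mysql' is the server's own system database"
            item = ("db-schema", db, note)
        else:
            continue
        if item not in findings:
            findings.append(item)
    return findings


if __name__ == "__main__":
    for kind, where, detail in triage(SAMPLE):
        print(f"[{kind}] {where}: {detail}")
```

The `db-schema` finding matters beyond startup: a sensor that logs into the `mysql` system database needs write access there, so a dedicated Snort database and a database account limited to it is the least-privilege layout.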


Comments (1)

挽梦忆笙歌 2022-09-25 04:48:03

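I ran into the same problem as the original poster and don't know how to solve it. I guess the original poster solved it long ago; could you email me the solution: syong09@gmail.com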
