Home page logo
/

snort logo Snort mailing list archives

Re: Snort 2.9 Setup Guide
From: David Gullett <dgullett () symmetrixtech com>
Date: Sat, 23 Oct 2010 23:07:23 -0500

I just posted an updated guide.  If you run 'sudo ldconfig' it should
fix the libsfbpf error across multiple reboots.

Thanks,

David

-----Original Message-----
From: Andersen Klaus <klaus.andersen () mfa no>
To: dgullett () symmetrixtech com <dgullett () symmetrixtech com>, snort-users
<snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort 2.9 Setup Guide
Date: Wed, 20 Oct 2010 14:05:32 +0200

 

 

From: David Gullett [mailto:dgullett () symmetrixtech com] 
Sent: Tuesday, October 19, 2010 3:04 AM
To: snort-users
Subject: [Snort-users] Snort 2.9 Setup Guide


 

Hey, I posted a Snort 2.9 setup guide for Ubuntu 10.04 LTS last week.
For those that care, you can access the PDF here:
http://www.symmetrixtech.com/articles/008-snortinstallguide290.html

Any complaints, suggestions, excoriations etc are welcomed and
encouraged.  Randal, I bet you have a shot or two (seriously, just
kidding...)

Regards,

David Gullett | Symmetrix Technologies
dgullett () symmetrixtech com
106 N. Denton Tap Road, Suite 210-262 | Coppell, TX  75019 

 

Hi David,

 

I ran into two problems when I followed the installation guide you
published.

 

When I tested the installation snort exited with an error:

 

/usr/local/snort/bin/snort: error while loading shared libraries:

libsfbpf.so.0: cannot open shared object file: No such file or directory

 

I found a forum post on this issue:

 

https://forums.snort.org/forums/snort-newbies/topics/libdnet-not-found

 

When I run the commands described there as root, (#
LD_LIBRARY_PATH=/usr/local/lib, # export LD_LIBRARY_PATH) Snort
initializes properly.

 

I have not found out how to make this change permanent, so any
suggestions on how to do this would be appreciated.

 

The second issue I had, was that Snortreport did not show any alerts,
only a warning that said “No data”. I think you have helped other users
with this error before cf.
http://readlist.com/lists/lists.sourceforge.net/snort-users/1/7254.html
When I followed the advice given here, Snort and Snortreport both work.

 

I installed Snort with Snortreport on a VM and only for testing
purposes. So I did not do the "Setting up the network cards" part, nor
configure the "rc.local" file to start Snort automatically. Otherwise I
followed the installation guide step by step.

 

I also had a brief look at the new version of Snortreport on you demo
site. I do not know how it compares to BASE in functionality or use,
since I have not come around to installing BASE yet. I am going to test
Snort with Snortreport more as I think it looks promising as a front end
to snort. 

 

 

Regards,

Klaus Andersen






 


------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to 
this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users 
list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault