Snort mailing list archives

Re: Snort 2.9.0 Now Available
From: Alex Tatistcheff <alext () pobox com>
Date: Mon, 4 Oct 2010 21:38:59 -0600

If it helps I just "beat" it into submission on my Ubuntu test system.
Seems I was having a problem with the binary locating libdnet.1 after the
configure and make went fine, it was just that Snort wouldn't start.  From
my system which was formerly running 2.8 I had to:

Download libdnet from the Google code repository
http://code.google.com/p/libdnet
untar
configure
make
make install

Download the DAQ from http://www.snort.org/snort-downloads
untar
configure
make
make install

Download Snort 2.9 from snort.org.
Same as above, using your selected configure options. I used:

--enable-sourcefire
--enable-targetbased
--with-mysql
--enable-inline-init-failopen

However, my binary still wouldn't work because the libdnet had installed
into /usr/local/lib instead of /usr/lib.  So I created a sym link in
/usr/lib to point to the library.

ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1

After this Snort 2.9 started in all its glory.

Hope this helps.

Alex Tatistcheff
alext () pobox com

The most terrifying words in the English language are, "I'm from the
government and I'm here to help." -Ronald Reagan


On Mon, Oct 4, 2010 at 8:52 PM, waldo kitty <wkitty42 () windstream net> wrote:

On 10/4/2010 21:49, Russ Combs wrote:
     > * Snort no longer depends on libnet and uses libdnet instead.

    yeah, that really means nothing to this poor code jockey other than yet another
    lib to figure out how to install and get compiled in my environment... i can
    only imagine what the corporate side maintainers are going to face... they have
    basically the same things to deal with that i do... i just have the chance to be
    a step or three ahead of them and make my releases as mods to the official
    release of the total package...

FWIW, libnet is obsolete and increasingly hard to find.  dnet makes things
easier in that regard.

i don't know, because i've not gone looking, if our environment even uses
libnet, TBH... we're using GCC 3.3.5 and glibc 2.3.2 if that means
anything...

[time passes]

the only libnet i find anywhere in our basic source directories seems to be
win32 related for some package(s) we use that support that environment... since
we're a *nix based environment, that one doesn't do us any good...

[trim]

    AFAIK, we don't use DAQ in our setup... pcap seems to be what we use but i've
    not dug into the code to determine that... our official releases do not use any
    compile time options at all... then again, our FOSS stuff is aimed at those
    machines that everyone is throwing away because they don't think they have any
    use left in them... sheesh, we're pulling P4's out of the dumpsters these
    days... with 1+Gig of RAM and "huge" HDs where we only need ~10G of HD space...

With 2.9.0, you *must* use the DAQ.  By default, you will wind up using a pcap
DAQ, but the DAQ is a separate package that must be installed.  This is new for
2.9.0.

ugh! when does the madness end? :lol: i'll have to see if i can hunt up the
archive for that... hopefully it is available at
www.snort.org/ports/snort-current/

Also, the NFQ and IPQ DAQs require libdnet, but so does Snort 2.9.0.

this begs the question of why DAQ wasn't included in the 2.9.0 archive so that
one only need grab that one archive, untar it and DAQ be available in the 2.9.0
source tree... it sure would make things a *lot* easier :?

this release really should be 3.something instead of 2.9 with changes like
these... but all we can do is either keep trying to move forward or dump snort
in the bitbucket and find something else :? that's not my call so all i can do
is try to keep beating snort into submission in my environment... it may very
well turn out that it gets dumped if we can't get 2.9.0 working and especially
if the rules updates get EOLed and leave our users with no rules to use...


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
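
Added example (not part of the message above and not Snort project code): a shell helper for the failure Alex describes, where configure and make succeed but the binary cannot load libdnet at start-up. It lists the libraries that `ldd` reports as unresolved and shows which of the given directories hold a copy; the function names and the sample `ldd` listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose "built fine but will not start" caused by a shared
# library the dynamic loader cannot find (the libdnet case in this thread).

# Print the library names an `ldd` listing marks as "not found".
# Reads the listing on stdin, so it also works on captured output.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# For one library name, print each candidate directory that contains a file
# starting with the same stem (libdnet.1 -> libdnet.*).
locate_lib() {
    soname=$1; shift
    stem=${soname%%.*}
    for dir in "$@"; do
        for f in "$dir"/"$stem".*; do
            if [ -e "$f" ]; then echo "$dir"; break; fi
        done
    done
}

# Constructed sample of ldd output (not captured from a real system).
sample_ldd() {
cat <<'EOF'
	libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0xb7740000)
	libdnet.1 => not found
	libc.so.6 => /lib/libc.so.6 (0xb75c0000)
EOF
}

# $1 = file holding ldd output, remaining args = directories to search.
# Prints one line per unresolved library: "<lib>: <dirs holding a copy>".
diagnose() {
    listing=$1; shift
    missing_libs < "$listing" | while read -r lib; do
        dirs=$(locate_lib "$lib" "$@" | paste -sd' ' -)
        echo "$lib: ${dirs:-no copy found}"
    done
}
```

On a live system, save `ldd "$(command -v snort)"` to a file and pass it to `diagnose` with `/usr/lib /usr/local/lib`. If a copy turns up in a directory the loader does not search, adding that directory under `/etc/ld.so.conf.d/` and running `ldconfig` is an alternative to the symlink.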
