Home page logo
/

snort logo Snort mailing list archives

Re: Errors installing SNORT 2.9 to SuSE Linux 12.2 - rpm or tar.gz
From: "Kurt Jensen CISSP" <kjensencissp () gmail com>
Date: Mon, 8 Apr 2013 21:29:41 -0400

Hi y’all – it lives!  I now have it all working, used the DAQ rpm but all the rest were tar packages and it came 
together fine.  Thanks for the help!   

 

To simplify I started off this time using the more default/typical folder structure of /etc/local/src to build 
everything helping to avoid possible permission and path bugs in my instance, seemed to help but more was still needed 
by the time I got back to DAQ install again. That was:

 

What I found I had to do more “manually” in this case over and above the published steps to install Snort onto SuSE 
12.2 with KDE was:

 

Move all files (including snort.conf) post build UP one directory.  For some reason the files were created in 
/etc/snort/etc  not what used to be /etc/snort – this worked fine making sure the startup scripts and executables could 
find the rules folders and snort.conf

 

Copy the daq-modules-config file from where that was built  over to the /usr/local/bin location

 

All worked great, thanks!

 

Lars

 

From: Kurt Jensen CISSP [mailto:kjensencissp () gmail com] 
Sent: Thursday, April 04, 2013 12:49 AM
To: 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Errors installing SNORT 2.9 to SuSE Linux 12.2 - rpm or tar.gz

 

Finally just getting back to – and seeing the “writing on the wall” that something was way out of norm with the first 
attempt at install, I went to a different instance of SuSE 12.2 w/KDE and started fresh with latest Snort release 
2.9.4.5. 

 

I took note of what you both said here, working with the docs again too.  So far so good.  I was able to get all the 
necessary package requirements to load OK (used the rpm though for DAQ – the tarball one did not seem to complete right 
– rpm did.

 

Following that I made sure to use all the typical paths and folders, set permissions up on the new src folder created 
and ran:

./configure –enable-sourcefire  - that worked

Then I ran:  make && make install (to see if that passed the make first) – it did and it worked

 

Now I have to add rules and start the rest of the process tomorrow…

 

“Lars”

 

From: Y M [mailto:snort () outlook com] 
Sent: Monday, April 01, 2013 2:30 PM
To: Kurt Jensen CISSP; 'Joel Esler'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Errors installing SNORT 2.9 to SuSE Linux 12.2 - rpm or tar.gz

 

May be you need to create a symbolic link  from /usr/sbin to point to Snort's binary? Or you can simply copy the binary 
to /usr/sbin

Do you have this path to Snort's binary?

/usr/local/snort/bin

Thanks.
YM

  _____  

From: Kurt Jensen CISSP <mailto:kjensencissp () gmail com> 
Sent: ‎4/‎1/‎2013 9:16 PM
To: 'Joel Esler' <mailto:jesler () sourcefire com> 
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Errors installing SNORT 2.9 to SuSE Linux 12.2 - rpm or tar.gz

Ok following your suggestion I changed the suspect folder name from "Snort IDS" to SnortIDS and re-ran ./configure and 
then make, which appeared to work.  Make definitely proceeded to a compile phase that had not happened before as I 
watched the screen.  I ran the make install pass after that which also seemed to work with no noticeable errors.  
Thanks!

Next steps:  I do not find a snort executable however in /usr/sbin as might be expected.

When I follow the instructions in the Snort "install guide for Suse 12.2" to try and run it, it appears my folder 
layout is different?  I ran all the permission and folder creation steps found on page 12 with no issues.  I wish I 
knew more about building software installs on Linux but it has never been my focus.  Should I be looking in different 
folders to run the ./snort commands?

Lars

-----Original Message-----
From: Joel Esler [mailto:jesler () sourcefire com] 
Sent: Monday, April 01, 2013 10:55 AM
To: Kurt Jensen CISSP
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Errors installing SNORT 2.9 to SuSE Linux 12.2 - rpm or tar.gz

I was just looking at it from 

"/home/user/Download/Snort IDS/snort-2.9.4.1/src/win32"

There is a space between "Snort" and "IDS".

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Apr 1, 2013, at 10:45 AM, Kurt Jensen CISSP <kjensencissp () gmail com> wrote:

Joel,
 
Good ask and hey I agree with your thinking!  Unless you are referring to a folder name with more than one word in it 
that I created, the path itself should not have any spaces (maybe format of the e-mail accounts for?) unless somehow 
the system inserted one without my doing, unless a space in folder names counts?  If it seems a concern I can change 
that.  Your guidance is definitely welcome and appreciated!
 
Lars
 
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Monday, April 01, 2013 10:18 AM
To: Kurt Jensen CISSP
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Errors installing SNORT 2.9 to SuSE Linux 
12.2 - rpm or tar.gz
 
Am I reading this correctly that you have a space in your path where Snort is?
 
I'm not saying that makes a difference, but I try to eliminate the simplest things first.
 
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
 
On Apr 1, 2013, at 9:56 AM, Kurt Jensen CISSP <kjensencissp () gmail com> wrote:


Hi, I hope everyone had a great weekend and holiday! Any thoughts or ideas on the Snort install and setup (make) 
related errors I ran into yet I posted back on March 22nd? 
 
It has been a long time since I ever installed and ran Snort it seemed like it should have worked out using the 
documentation and tips you offer for SuSE users.  Yet I am sad to say that between two different images of SuSE Linux 
(one is a 12.2 VM with KDE, and another 12.2 that was upgraded from 11.x as a native install) I was not able to get a 
successful install and initialization going yet.  I would like to get it running and learn from the experience too.  
Might the error information below lead to answers?  Thoughts?  I am new to this online community so my apologies if 
somehow I missed a reply.
 
Lars
 
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Friday, March 22, 2013 8:34 PM
To: Kurt Jensen CISSP
Cc: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Errors installing SNORT 2.9 to SuSE Linux 
12.2 - rpm or tar.gz
 
Can you copy and paste the commands you are typing and the errors you are getting?

--
Joel Esler
Sent from my iPhone 

On Mar 22, 2013, at 5:35 PM, "Kurt Jensen CISSP" <kjensencissp () gmail com> wrote:

Hello Group,
 
I have been attempting to install the latest rpm OR .tar.gz of SNORT to my fairly plain test instance of SuSE 12.2 I 
use for student work and testing of what I know, other tools etc.  The system is an i386 32bit Toshiba laptop booting 
directly into SuSE 12.2, and the trouble is with Snort installation.
 
Here is what is happening that I could definitely use help with:
 
While in the case of the .tar.gz version the “configure phase” worked fine once I had all the pre-install required 
dependency connected libraries and packages, and finished as far as I can tell w/o errors.  Yet when I try to run 
make it refers to a number of directories it enters and exits with an error saying for example “there is nothing to 
do for all” and then “make[5] there is no rule to build” etc.  I have been researching this a lot and come up with no 
direct answers.  My GUESS is it is looking for a rule package but I have not been able to find a free one yet to 
download if that is the problem. I am a student on this and do not wish to buy any rules, I can just use the most 
basic ones out there as I get started and was surprised to find it seems none are included to start out with and 
finish an install?
 
“rpm” method:  When I downloaded and tried installing the rpm version instead using SuSE YaST software 
manager/install tool (GUI) the process begins but always errors out saying it failed/cannot complete with the error 
“nothing provides libcrypto.so.10” but my SUSE install has SSH and several GNU and/or other crypto libraries I just 
added (with source/development libraries) yet none of these work?
 
Any assistance is greatly appreciated and what am I missing?
 
Lars Jensen
----------------------------------------------------------------------
-------- Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics Download AppDynamics Lite 
for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!



------------------------------------------------------------------------------
Own the Future-Intel&reg; Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game 
on Steam. $5K grand prize plus 10 genre and skill prizes. 
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault