Snort mailing list archives

Re: snort idmef plugin

From: yuedong wu <ywu666 () yahoo com>
Date: Wed, 26 Nov 2003 15:38:17 -0800 (PST)

Matt,

I used the following steps to install idmef and
snort2.0.4:

1. install libxml2 2.6.2
2. install libidmef 0.7.2
3. tar -zxvf snort-idmef-plugin-1.2.1alpha2.0.5.tar.gz
4. tar -zxvf snort-2.0.4
5. cd snort-2.0.4
6. apply the following patches.
   + configure.in.diff - apply to top level
configure.in file in snort.
   + src_plugbase.c.diff - apply to snort's
./src/plugbase.c file.
   + src_plugin_enum.h.diff - apply to snort's
./src/plugin_enum.h file.
   + src_output-plugins_Makefile.am.diff - apply to
snort's
                                  
./src/output-plugins/Makefile.am
7. Copy spo_idmef.c and spo_idmef.h from snort-idmef
directory to snort's ./src/output-plugins directory.
8. mkdir /etc/snort
9. mkdir /var/log/snort
10. Run autoconf at snort's root directory
11. At snort's root directory run ./configure
--enable-idmef --with-mysql=/usr/local/mysql 
              
--with-libxml2-includes=/usr/local/include/libxml2
--with-libxml2-libraries=/usr/local/lib
              
--with-libidmef-includes=/usr/local/include
--with-libidmef-libraries=/usr/local/lib
   
12. make
13. make install
14. cd rules
15. cp * /etc/snort
16. add "idmef:default" for each rule in each rule
files
17. cd ../etc
18. cp snort.conf /etc/snort
19. cp *.config /etc/snort
20. modify snort.conf to make RULE_PATH to /etc/snort
21. snort -?

error msg: 
snort: error while loading shared libraries:
libidmef.so.0: cannot open shared object file: No such
file or directory

Do you think I still need set up load lib to
/usr/local/lib in /etc/ld.so.conf?

Thanks,

Yuedong 

--- Matt Kettler <mkettler () evi-inc com> wrote:

At 04:04 PM 11/25/2003, yuedong wu wrote:

I have tried your latest version. The installation
process looks fine. However when I ran the snort,

it

reports error information: error load

libidmef.so.0,

cannot find file or directory. But the file
libidmef.so.0 is in /usr/local/lib dir, which is

the

default lib dir.

Can you help me out? Thanks,


is your /etc/ld.so.conf set up to load libraries in
/usr/local/lib?

Most systems will not honor /usr/local/lib by
default.



__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort idmef plugin yuedong wu (Nov 25)
- Re: snort idmef plugin Matt Kettler (Nov 25)
  - Re: snort idmef plugin yuedong wu (Nov 26)
    - Re: snort idmef plugin Matt Kettler (Nov 28)
    - Re: snort idmef plugin yuedong wu (Dec 01)
    - Re: snort idmef plugin Craig Paterson (Dec 01)
    - Re: snort idmef plugin yuedong wu (Dec 03)