Snort mailing list archives
RE: Help please: libpcre.so.0: cannot open shared...
From: <Lorenz.Graf () swisscom com>
Date: Sun, 6 Jun 2004 22:31:48 +0200
Hello, I had the same problem on a Solaris 8 box. After installing pcre, it works. Lorenz Graf Message: 3 From: "Corey Rock" <snort_sigs () hotmail com> To: dwad24 () excite com, snort-users () lists sourceforge net Subject: RE: [Snort-users] Help please: libpcre.so.0: cannot open shared... Date: Sat, 05 Jun 2004 17:10:16 +0000 Is this installed? pcre - Perl-compatible regular expression library
From: "David" <dwad24 () excite com> Reply-To: dwad24 () excite com To: snort-users () lists sourceforge net Subject: RE: [Snort-users] Help please: libpcre.so.0: cannot open shared... Date: Fri, 4 Jun 2004 14:10:51 -0400 (EDT) Hey Gustavo,This may be a wild shot in the dark, but what is your environment variable $LD_LIBRARY_PATH set to? You can check by doing this: echo $LD_LIBRARY_PATH If this comes up blank, or if the path to your libpcre.so.0 isn't there, you may need to add the path to your libpcre.so.0 library to that variable. For example: If your libpcre.so.0 resides in /usr/local/lib, you will need to add /usr/local/lib to that variable by doing thisin sh/bash/ksh:LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATHexport LD_LIBRARY_PATHand in csh/tcsh (my syntax may be wrong); set LD_LIBRARY_PATH /usr/local/lib:$LD_LIBRARY_PATH If none of this is the case, make sure that permissions are ok, and make sure that if libpcre.so.0 is a symlink, that the file it is linked to exists as well. HTH, Dave--- On Fri 06/04, Gustavo Gomes < gustavo () auge com br > wrote:From: Gustavo Gomes [mailto: gustavo () auge com br]To: snort-users@lists.sourceforge.netDate: Fri, 4 Jun 2004 14:28:10 -0300Subject: [Snort-users] Help please: libpcre.so.0: cannot open shared... Hello people, I´ve just finished to install snort in a PC and I got an error when I tryed to start snort: "/etc/init.d/snort start Starting Intrusion Database System: SNORT/usr/local/bin/snort: error while loading shared libraries: libpcre.so.0: cannot open shared object file: No such file or directory " Can anyone help me to fix this error? I´ve scanned the google and archive list of users and development in snort.org but I´ve not found nothing! _______________________________________________ Join Excite! - http://www.excite.com The most personalized portal on the Web!
_________________________________________________________________ Watch the online reality show Mixed Messages with a friend and enter to win a trip to NY http://www.msnmessenger-download.click-url.com/go/onm00200497ave/direct/01/ --__--__-- Message: 4 To: snort-users () lists sourceforge net Date: Sat, 05 Jun 2004 19:27:49 +0200 From: Primero <primero () fastwebnet it> Subject: [Snort-users] Multiple Snort sensor with MYSQL and ACID Hi all, I'm setting Snort for the first time and i have to say ... cool:) I would like to have 2 sensors on 2 different point of my lan. i was wondering how can i make the 2 sensor log to the same Mysql DB and how to differentiate beetween them. In Acid I see a Column called "Sensor" with the value "1" indicating my only one Sensor now active. How can i change this value giving him a more explainy name ? (like Snort_External) Will Acid recognize more Sensors? Bye -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ --__--__-- Message: 5 To: snort-users () lists sourceforge net From: Primero <primero () fastwebnet it> Date: Sat, 05 Jun 2004 19:36:27 +0200 Subject: [Snort-users] Multiple Snort sensor with MYSQL and ACID Hi all, I'm setting Snort for the first time and i have to say ... cool:) I would like to have 2 sensors on 2 different point of my lan. i was wondering how can i make the 2 sensor log to the same Mysql DB and how to differentiate beetween them. In Acid I see a Column called "Sensor" with the value "1" indicating my only one Sensor now active. How can i change this value giving him a more explainy name ? (like Snort_External) Will Acid recognize more Sensors? Bye -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ --__--__-- Message: 6 Date: Sat, 5 Jun 2004 10:46:19 -0700 From: Mike Cohen <mike.cohen () gmail com> Reply-To: mike () antropyinc com To: snort-users () lists sourceforge net Subject: [Snort-users] (no subject) Hello , Im new to snort, and Im trying to create a snort box that runs as a non root user. I have a user snort which is in the group snort_group. I have given the snort_group ownership to the /var/log/snort directory and the /etc/snort directory. whenever I try to start snort as any non root user I get the following. If I use root, or sudo I can start the program fine. Im guessing I need access to the eth0 interface or some particular file or directory somehwere that is associated with starting sniffing on eth0 Can someone help me with this? Suse 9 Snort 2.12 snort@Myserver:/etc/snort> snort -c /etc/snort/snort.conf -i eth0 -u snort -g snort_group Running in IDS mode Log directory = /var/log/snort Initializing Network Interface eth0 ERROR: OpenPcap() device eth0 open: socket: Operation not permitted Fatal Error, Quitting.. any help is appreciated. M.C. --__--__-- Message: 7 Date: Sat, 5 Jun 2004 14:47:59 -0300 (ART) From: =?iso-8859-1?q?Snort=20IDS?= <seguranca_snort () yahoo com br> To: snort-users () lists sourceforge net Subject: [Snort-users] PHP complaint about GD First of all, reconpile PHP, in my case i compiled PHP, using these comands, the directories are up to you : "./configure=--prefix=/usr/local/ids/php --with-apxs2=/usr/local/ids/apache/apxs --with-config-file-path=/usr/local/ids/php --with-zlib-dir=/usr/local/ids/zlib --with-mysql=/usr/local/ids/mysql --with-gd Please, let me know if it has worked "Snort, MySQL, Apache e Acid" yhe first guide in Portuguese ______________________________________________________________________ Yahoo! Messenger - Fale com seus amigos online. Instale agora! http://br.download.yahoo.com/messenger/ --__--__-- Message: 8 To: snort-users () lists sourceforge net Date: Sat, 05 Jun 2004 21:16:52 +0200 From: Primero <primero () fastwebnet it> Subject: [Snort-users] toll for snort rules management Hi all. What tool do you use to configure you snort rules? The only one i found is snortcenter ... is really the only one? bye -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ --__--__-- Message: 9 From: "Jeff Dell" <jdell () activeworx com> To: "'Primero'" <primero () fastwebnet it>, <snort-users () lists sourceforge net> Subject: RE: [Snort-users] toll for snort rules management Date: Sat, 5 Jun 2004 15:42:48 -0400 If you have a Windows 2000/XP management station you can also try IDS Policy Manager at www.activeworx.org. It will SCP/FTP the policies to any OS sensor. Cheers, Jeff -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Primero Sent: Saturday, June 05, 2004 3:17 PM To: snort-users () lists sourceforge net Subject: [Snort-users] toll for snort rules management Hi all. What tool do you use to configure you snort rules? The only one i found is snortcenter ... is really the only one? bye -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users --__--__-- Message: 10 From: "Jeff Dell" <jdell () activeworx com> To: "'Primero'" <primero () fastwebnet it>, <snort-users () lists sourceforge net> Subject: RE: [Snort-users] Multiple Snort sensor with MYSQL and ACID Date: Sat, 5 Jun 2004 15:46:01 -0400 In the database output module setting add sensor_name=Snort_External. You can also check out the following link for all of the database settings: http://www.snort.org/docs/snort_manual/node20.html Here is an example: output database: log, mysql, user=root password=test dbname=db host=localhost sensor_name=Snort_External Cheers, Jeff -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Primero Sent: Saturday, June 05, 2004 1:28 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Multiple Snort sensor with MYSQL and ACID Hi all, I'm setting Snort for the first time and i have to say ... cool:) I would like to have 2 sensors on 2 different point of my lan. i was wondering how can i make the 2 sensor log to the same Mysql DB and how to differentiate beetween them. In Acid I see a Column called "Sensor" with the value "1" indicating my only one Sensor now active. How can i change this value giving him a more explainy name ? (like Snort_External) Will Acid recognize more Sensors? Bye -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users --__--__-- Message: 11 Subject: RE: [Snort-users] Multiple Snort sensor with MYSQL and ACID Date: Sat, 5 Jun 2004 17:27:48 -0400 From: "Gould, Scott" <sgould () gogstats org> To: <snort-users () lists sourceforge net> I also found I had to manually go into the db and add the extra sensors with a different SID to the sensor table when I ran a similar setup. If you end up using barnyard, just reference the sensor by it's SID in the sensor table=20 I don't run this setup anymore, due to getting up to 7 sensors and the DB couldn't handle it. Wasn't getting packet loss, as was using barnyard, juts DB got slow at around half a million entries. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jeff Dell Sent: Saturday, June 05, 2004 3:46 PM To: 'Primero'; snort-users () lists sourceforge net Subject: RE: [Snort-users] Multiple Snort sensor with MYSQL and ACID In the database output module setting add sensor_name=3DSnort_External. You can also check out the following link for all of the database settings: http://www.snort.org/docs/snort_manual/node20.html Here is an example: output database: log, mysql, user=3Droot password=3Dtest dbname=3Ddb host=3Dlocalhost sensor_name=3DSnort_External Cheers, Jeff =20 -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Primero Sent: Saturday, June 05, 2004 1:28 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Multiple Snort sensor with MYSQL and ACID Hi all, I'm setting Snort for the first time and i have to say ... cool:) I would like to have 2 sensors on 2 different point of my lan. i was =20 wondering how can i make the 2 sensor log to the same Mysql DB and how to =20 differentiate beetween them. In Acid I see a Column called "Sensor" with the value "1" indicating my only one Sensor now active. How can i change this value giving him a more explainy name ? (like =20 Snort_External) Will Acid recognize more Sensors? Bye --=20 Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users --__--__-- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-users End of Snort-users Digest ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Help please: libpcre.so.0: cannot open shared... Gustavo Gomes (Jun 04)
- Re: Help please: libpcre.so.0: cannot open shared... Matt Kettler (Jun 04)
- <Possible follow-ups>
- RE: Help please: libpcre.so.0: cannot open shared... David (Jun 04)
- RE: Help please: libpcre.so.0: cannot open shared... Corey Rock (Jun 05)
- RE: Help please: libpcre.so.0: cannot open shared... Lorenz.Graf (Jun 06)