Snort mailing list archives
RE: How to enable XML Logging in Snort 2.3.2
From: Jitendra Gupta <jitendrakrgupta_snort () yahoo co in>
Date: Tue, 5 Apr 2005 08:43:22 +0100 (BST)
Dear Sir,

Thanks a lot again for taking interest in my problem. Here's my output of ./configure --help :-

snort-2.3.2]# ./configure --help|more
`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
--More--
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --sbindir=DIR           system admin executables [EPREFIX/sbin]
  --libexecdir=DIR        program executables [EPREFIX/libexec]
  --datadir=DIR           read-only architecture-independent data [PREFIX/share]
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
  --infodir=DIR           info documentation [PREFIX/info]
  --mandir=DIR            man documentation [PREFIX/man]

Program names:
  --program-prefix=PREFIX            prepend PREFIX to installed program names
  --program-suffix=SUFFIX            append SUFFIX to installed program names
  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
--More--

Optional Features:
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-64bit-gcc      Try to compile 64bit (only tested on Sparc Solaris 9).
  --disable-dependency-tracking Speeds up one-time builds
  --enable-dependency-tracking  Do not reject slow dependency extractors
  --enable-debug          enable debugging options (bugreports and developers only)
  --enable-profile        enable profiling options (developers only)
  --enable-sourcefire     Enable Sourcefire specific build options
  --enable-perfmonitor    Enable perfmonitor preprocessor
  --enable-linux-smp-stats Enable statistics reporting through proc
  --enable-inline         Use the libipq interface for inline snort
  --enable-ipfw           Enable ipfw Divert mode for use with inline
  --enable-flexresp       Flexible Responses on hostile connection attempts

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-libpcap-includes=DIR    libpcap include directory
  --with-libpcap-libraries=DIR   libpcap library directory
  --with-libpcre-includes=DIR    libpcre include directory
  --with-libpcre-libraries=DIR   libpcre library directory
  --with-libnet-includes=DIR     libnet include directory
  --with-libnet-libraries=DIR    libnet library directory
  --with-mysql=DIR        support for mysql
  --with-odbc=DIR         support for odbc
  --with-postgresql=DIR   support for postgresql
  --with-oracle=DIR       support for oracle
--More--

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  CPPFLAGS    C/C++ preprocessor flags, e.g. -I<include dir> if you have
              headers in a nonstandard directory <include dir>
  CPP         C preprocessor

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.

--- Joshua Berry <jberry () PENSON COM> wrote:
What is the output of ./configure --help?

-----Original Message-----
From: Jitendra Gupta [mailto:jitendrakrgupta_snort () yahoo co in]
Sent: Monday, April 04, 2005 9:23 AM
To: Joshua Berry; snort-users () lists sourceforge net
Subject: RE: [Snort-users] How to enable XML Logging in Snort 2.3.2

Thanks a lot Sir for helping me out but sorry to say that it didn't work. When I visited http://aircert.sourceforge.net/libairutil/ and http://aircert.sourceforge.net/libih/ They said :-

libairutil has been merged into libair
and
libih has been merged into libair

and so I installed only libair. Then following your instructions, I did the following steps orderly:-

1. snort-2.3.2]# aclocal-1.7
2. snort-2.3.2]# autoheader-2.5x
3. snort-2.3.2]# automake-1.7 --add-missing
4. snort-2.3.2]# autoconf-2.5x
5. snort-2.3.2]# ./configure --with-libair=/usr/local/lib/ --with-mysql

Still ./configure --help did not have any parameter for --with-libair

6. snort-2.3.2]# make
7. snort-2.3.2]# make install

Then after editing snort.conf by adding

output xml: log,file=/var/log/snort/output.xml

above the output database line (I am using MySQL) and running the command

snort -c snort.conf

I again got the same error

ERROR:unknown output plugin:'xml'Fatal Error, Quitting..

Please help,
Jitendra

--- Joshua Berry <jberry () PENSON COM> wrote:

After patching snort, you should probably run:

aclocal
autoheader
automake --add-missing
autoconf

Then run ./configure --with-libih --with-libairtutil

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jitendra Gupta
Sent: Saturday, April 02, 2005 4:26 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] How to enable XML Logging in Snort 2.3.2

Hello List,

I am a newbie to Snort. I have installed Snort 2.3.2 on Mandrake 9.2 and want to enable XML logging in it. I have gone through http://www.cert.org/kb/snortxml/ but still cannot achieve it. I installed libairutil 0.2.24 and libair 0.4.30. Then I rebuilt the snort using /configure --with-libih --with-libairtutil. But when I did ./configure --help I did not find any parameter for --with-libih and --with-libairutil. Still I continued to do make and make install. Then after editing snort.conf by adding

output xml: log,file=/var/log/snort/output.xml

above the output database line (I am using MySQL) and running the command

snort -c snort.conf

I get the error

ERROR:unknown output plugin:'xml'Fatal Error, Quitting..

Please Help me out. I am in deep need of the solution. If you can suggest any other method, please suggest.

Thanking You,
Yours Faithfully,
Jitendra
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
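An added example, not part of the original thread: a pre-build check that compares the options about to be passed to ./configure against what `./configure --help` advertises, which is the comparison Joshua's question asks for. The function names are hypothetical, and the sample help text is a constructed excerpt of the output quoted in the message above.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of Snort or autoconf.

# Print the options that the saved `./configure --help` output does not list.
# $1 = file holding the help output; remaining arguments = options to check.
missing_configure_opts() {
    help_file=$1; shift
    missing=""
    for opt in "$@"; do
        name=${opt%%=*}    # drop any "=VALUE" part
        # The name must be followed by "=", "[", whitespace or end of line,
        # so --with-libair is not satisfied by a longer name such as
        # --with-libairutil.
        if ! grep -Eq -- "(^|[[:space:]])${name}(=|\[|[[:space:]]|\$)" "$help_file"; then
            missing="$missing $name"
        fi
    done
    echo "${missing# }"
}

# Constructed sample: excerpt of the help output quoted in the message.
write_sample_help() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-libpcap-includes=DIR    libpcap include directory
  --with-mysql=DIR        support for mysql
  --with-odbc=DIR         support for odbc
  --with-postgresql=DIR   support for postgresql
  --with-oracle=DIR       support for oracle
EOF
    echo "$f"
}

# Check the configure line from step 5 of the message before running make.
help_file=$(write_sample_help)
result=$(missing_configure_opts "$help_file" --with-libair=/usr/local/lib/ --with-mysql)
[ -z "$result" ] || echo "not advertised by configure: $result"
rm -f "$help_file"
```

On a real source tree, save the help text with `./configure --help > help.txt` and pass that file as the first argument.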
Current thread:
- How to enable XML Logging in Snort 2.3.2 Jitendra Gupta (Apr 02)
- <Possible follow-ups>
- How to enable XML Logging in Snort 2.3.2 Jitendra Gupta (Apr 02)
- RE: How to enable XML Logging in Snort 2.3.2 Jitendra Gupta (Apr 04)
- RE: How to enable XML Logging in Snort 2.3.2 Jitendra Gupta (Apr 05)
- RE: How to enable XML Logging in Snort 2.3.2 Jitendra Gupta (Apr 06)
- RE: How to enable XML Logging in Snort 2.3.2 Jitendra Gupta (Apr 07)
- RE: How to enable XML Logging in Snort 2.3.2 Jitendra Gupta (Apr 07)
- RE: How to enable XML Logging in Snort 2.3.2 Jitendra Gupta (Apr 07)