Snort mailing list archives
2.9.1.2 rebuild problems
From: John York <YorkJ () brcc edu>
Date: Wed, 26 Oct 2011 14:46:00 +0000
I just rebuilt a sensor (Ubuntu 10.0.4, Snort 2.9.1.2, PP 0.61) Problem 1 It looks like pulledpork is having trouble finding the snort version. However, snort is installed in the default location /usr/local/bin, config in /usr/local/etc/snort, etc... Snort runs fine with Snort -T -c /usr/local/etc/snort/snort.conf When I ran pulledpork I got this error: The specified Snort binary does not exist! I changed the rule url in pp config to specify 2.9.1.2: rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot-2912.tar.gz|<oinkers!> Then pp ran, but gave gazillions of $snort undefined errors. Manually specifying the snort version at the end of the pp config fixed that: snort_version=2.9.1.2 Problem 2 For some reason, the precompiled SO rules didn't get to the proper directory, as pp gave this error: Warning: No dynamic libraries found in directory /usr/local/lib/snort_dynamicrules! I untarred the rules pp left in /tmp, and copied the contents of /tmp/so_rules/precompiled/Ubuntu-10-4/x86-64/2.9.1.2/ to /usr/local/lib/snort_dynamicrules Now everything runs w/o errors, but I imagine I'll need to manually copy the SO rules for a while. Hmm, just moved to the pulledpork.pl from the SVN, and it seems to work without the changes above. The SVN version must have been fixed to handle 2.9.1.2. It generates this error, but seems to work ok: Use of uninitialized value $Value in pattern match (m//) at /usr/local/bin/pulledpork.pl line 104, <CONFIG> line 1. Thanks John
Attachment:
pulledpork.conf
Description: pulledpork.conf
------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- 2.9.1.2 rebuild problems John York (Oct 26)