Re: Snort + PF_RING + DAQ

[Jack <kingofnerds () gmail com>]

I just last week went through the process of getting Snort and PF_Ring
running on my CentOS 5.8 box. I ran into the same error you are
running into. I found that it is because CentOS does not have recent
enough versions of the automake and similar utilities. And the only
way I was able to get it to compile was to use the versions of
autoconf, automake, libtool, and m4 from the GNU website built from
source. In order to get my terminal to recognize some of them after I
compiled and installed them, I had to log out and log back in.

After installing those, I was able to successfully build Snort with
PF_Ring and use multiple instances of Barnyard2 to process the logs
into a mysql database and send via syslog to another server.

I hope this helps.




If you want something that runs out of the box you can download
http://nsm.metaflows.com/linux.zip
then
unzip linux.zip
cd nsm
./setup.sh

This will install a lot of of extra things you can ignore but we know
the PF_RING drivers and snort 2.9.2.3 combination work for in production
deployments of several Gigs of traffic.

It does not have the latest PF_RING and latest snort, but what is in
there has been
heavily QA..

Livio.


On 08/30/2012 08:46 AM, Peter Bates wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 30/08/2012 14:59, Eric Luellen wrote:

As a quick follow up to this, one of the primary errors I'm running
into is when doing "./configure" under the
/tmp/PF_RING-5.4.5/userland/snort/pfring-daq-module directory. The
error I continue to get is:

checking for C compiler default output file name... configure:
error: in `/tmp/PF_RING-5.4.5/userland/snort/pfring-daq-module':
configure: error: C compiler cannot create executables See
`config.log' for more details.

I have gcc and gcc-c++ installed on the CentOS box, so I'm not sure
why it can't create the executables.

It might be worth discussing PF_RING problems on the ntop-misc mailing
list as they tend to get resolved fairly quickly.

Discussing this with someone else recently we've concluded:

1) Use the version from SVN if you're using Snort 2.9.3.x and DAQ 1.x
2) Build in $HOME/PF_RING as the autoconf stuff seems to be hardwired
to only work in that directory.

- --
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division     Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQP4rfAAoJELhVoVpEMS6RyYAIAKyMj4bpugcD2QelNhTzCzM4
/KNA5oZG2ZBpQ1bGYYDrHb7uJAKd2rbPbEYxLa9fdwIQLThu3B/mrgTIGiMV2iqk
5EwSEo8u+iC07wWOdXZo1S9x3SC0RCNOK8ujXcJYsybm/f/1AKV2VzgaYKTktd32
VnihbP10pbsTvHWPGQwD5dNnFN03pqzNHy8v0cj5HK89SSb5YKRl18PpnTMgs/ux
GOnhY5Fr6xmYJ9n2W2DAT16SufBHRet2OUB3BrYhCoG/zJTKdylBiGiAxPyJPATR
1sEsPSVzK0E+bS2gZKNF+A2ZXsk1wJcvr4B85gGS2Ag5cW1d1hDNobIzyRhq3+E=
=ybli
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


--
_____________________________________
 ---- In the end Nerds will Rule the World ----

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!