Re: Daq not getting installed.

[Jeremy Hoel <jthoel () gmail com>]

basically yes.. but they are two different apps and you can choose to
run either, both or none in daemon mode.  They don't depend on each
other for that.

snort in daemon mode, if the unified2 output is used, will write u2
files using the file structure you specify in the snort.conf for the
unified2 output.

by2 will read the files you tell it too and when a new one gets
written, it will close the old one and archive if (if desired) and
then continue reading and acting on the u2 files, updating it's waldo
file as it goes.




On Fri, Nov 23, 2012 at 10:38 PM, k vijay sai prashanth
<vijaysaiprashanth () gmail com> wrote:
> Jeremy,
>
> So if I run snort and barnyard2 running in daemon mode snort will keep
> alerting and Barnyard2 will keep feeding the alerts to the database right?
>
> Regards,
> Prashanth
>
>
> On Sat, Nov 24, 2012 at 2:45 AM, Jeremy Hoel <jthoel () gmail com> wrote:
> > Good deal.
> >
> >
> > On Fri, Nov 23, 2012 at 8:09 PM, k vijay sai prashanth
> > <vijaysaiprashanth () gmail com> wrote:
> > > ran ldconfig got it installed thanks a lot mate. :) appreciate the help.
> > >
> > > Regards,
> > > Prashanth
> > >
> > >
> > > On Sat, Nov 24, 2012 at 1:31 AM, k vijay sai prashanth
> > > <vijaysaiprashanth () gmail com> wrote:
> > > > I don't get anything doing ldconfig -p | grep libpcap
> > > >
> > > > How do I get it libpcap installed?
> > > >
> > > > Regards,
> > > > Prashanth
> > > >
> > > >
> > > > On Fri, Nov 23, 2012 at 11:41 PM, Jeremy Hoel <jthoel () gmail com> wrote:
> > > > > Quick note.. that should be 'ldconfig -p |grep libpcap'
> > > > >
> > > > > libpcap.. not lubpcap.
> > > > >
> > > > > :-)
> > > > >
> > > > >
> > > > > On Fri, Nov 23, 2012 at 5:52 PM, Jeremy Hoel <jthoel () gmail com> wrote:
> > > > > > After you installed libpcap did you run ldconifg?
> > > > > >
> > > > > > 'ldconfig -p |grep lubpcap' should return at least one result.
> > > > > >
> > > > > >
> > > > > > On Fri, Nov 23, 2012 at 5:46 PM, k vijay sai prashanth
> > > > > > <vijaysaiprashanth () gmail com> wrote:
> > > > > > > Hello All,
> > > > > > >
> > > > > > > I have two IDS servers with RHEL 5 installed on each. I have
> > > > > > > installed
> > > > > > > libpcap-1.3.0, daq-1.1.1 and snort-2.9.3.1 on one while on the
> > > > > > > other I
> > > > > > > was
> > > > > > > able to install libpcap-1.3.0 from source but when I try to install
> > > > > > > daq-1.1.1 by ./configure I get exited with the below error message.
> > > > > > >
> > > > > > > checking for pcap.h... (cached) yes
> > > > > > > checking for pcap_lib_version... checking for pcap_lib_version in
> > > > > > > -lpcap...
> > > > > > > (cached) yes
> > > > > > > checking for libpcap version >= "1.0.0"... no
> > > > > > >
> > > > > > >     ERROR!  Libpcap library version >= 1.0.0  not found.
> > > > > > >     Get it from http://www.tcpdump.org
> > > > > > >
> > > > > > > I did install libpcap-1.3.0 but when I give the below command I got
> > > > > > > nothing:
> > > > > > >
> > > > > > > "rpm -qa | grep libpcap"
> > > > > > >
> > > > > > > When I do a "locate pcap.h" its not found. But I am able to
> > > > > > > manually
> > > > > > > navigate to the file at /usr/local/src/libpcap-1.3.0. It seems to
> > > > > > > have
> > > > > > > no
> > > > > > > execute rights. Does this matter?
> > > > > > >
> > > > > > > Why is this failing. What can I do to get daq-1.1.1 installed. Are
> > > > > > > there any
> > > > > > > other dependencies which I am missing to fully install
> > > > > > > libpcap-1.3.0.
> > > > > > > Please
> > > > > > > advise.
> > > > > > >
> > > > > > > Regards,
> > > > > > > Prashanth
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ------------------------------------------------------------------------------
> > > > > > > Monitor your physical, virtual and cloud infrastructure from a
> > > > > > > single
> > > > > > > web console. Get in-depth insight into apps, servers, databases,
> > > > > > > vmware,
> > > > > > > SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> > > > > > > Pricing starts from $795 for 25 servers or applications!
> > > > > > > http://p.sf.net/sfu/zoho_dev2dev_nov
> > > > > > > _______________________________________________
> > > > > > > Snort-users mailing list
> > > > > > > Snort-users () lists sourceforge net
> > > > > > > Go to this URL to change user options or unsubscribe:
> > > > > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > > > Snort-users list archive:
> > > > > > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > > > > > >
> > > > > > > Please visit http://blog.snort.org to stay current on all the
> > > > > > > latest
> > > > > > > Snort
> > > > > > > news!

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!