Snort mailing list archives

Re: FW: Snort PF_Ring Installation


From: <snort () outlook com>
Date: Mon, 13 Jul 2015 23:07:32 +0000

There is no strict specific order in which these should be compiled that I know of.
The error you are seeing is in the PF_RING network drivers. From a previous post of yours I noticed that you are on 
kernel 3.16.X, which to my knowledge is not yet supported by PF_RING. That's why you are not able to compile the 
network drivers and are getting the errors.
That said, the remaining modules should compile just fine, at least that's what I have seen in my tests.


On Mon, Jul 13, 2015 at 1:26 PM -0700, "Davison, Charles Robert" <cdaviso1 () vols utk edu> wrote:
Is there a particular order the modules need to be configured in? I tried ./configuring different modules but I am 
receiving several errors... do you know if there is a specific guide on configuring all the modules that I could follow?

From: Y M [mailto:snort () outlook com]
Sent: Friday, July 10, 2015 12:32 PM
To: Davison, Charles Robert; waldo kitty
Cc: Avery Rozar; snort-users
Subject: RE: Snort PF_Ring Installation

If no errors are generated at the end then it should be ok. This is only for the kernel module. There are 
modules/libraries that also need to be installed to have PF_RING functional. As I mentioned before, there is the lib, 
pfring-daq-module, and drivers (if you want to install them). For each module, you need to go to its respective 
directory and install it.

In the case of the PF_RING daq module, you should do something like:

cd /PF_RING/userland/snort/pfring-daq-module

and then

autoreconf -ivf
./configure
make
make install

The above should install the PF_RING daq modules into /usr/local/lib/daq.

After the above is done, if you ls -l /usr/local/lib/daq, you should see something similar to this (note the last two 
lines):

daq_afpacket.la
daq_afpacket.so
daq_dump.la
daq_dump.so
daq_netmap.la
daq_netmap.so
daq_pcap.la
daq_pcap.so
daq_pfring.la
daq_pfring.so

________________________________
From: cdaviso1 () vols utk edu
To: wkitty42 () windstream net; snort () outlook com
CC: Avery.Rozar () i-techsupport com; snort-users () lists sourceforge net
Subject: RE: Snort PF_Ring Installation
Date: Fri, 10 Jul 2015 18:03:48 +0000
This is what I get with sudo make... so maybe just make will work...?

From: Davison, Charles Robert
Sent: Friday, July 10, 2015 12:02 PM
To: Davison, Charles Robert; waldo kitty; Y M
Cc: Avery Rozar; snort-users () lists sourceforge net
Subject: RE: Snort PF_Ring Installation

This is where I am now.

PF_Ring Download Instructions
1.        sudo apt-get update
2.        sudo apt-get upgrade
3.        sudo apt-get install libnuma-dev
5.        git clone https://github.com/ntop/PF_RING.git
6.        cd PF_RING/kernel
7.        sudo make install
10.    sudo insmod ./pf_ring.ko
11.    cd ../userland
12.     sudo make install

From: Davison, Charles Robert [mailto:cdaviso1 () vols utk edu]
Sent: Friday, July 10, 2015 11:40 AM
To: waldo kitty; Y M
Cc: Avery Rozar; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort PF_Ring Installation

Ok so you're saying this might work as long as I can verify it places the daq file in /user/local/lib/daq.

PF_Ring Download Instructions
1.        sudo apt-get update
2.        sudo apt-get upgrade
3.        sudo apt-get install libnuma-dev
5.        git clone https://github.com/ntop/PF_RING.git
6.        cd PF_RING/kernel
7.        sudo make install
10.    sudo insmod ./pf_ring.ko
11.    cd ../userland
12.     sudo make install

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net]
Sent: Friday, July 10, 2015 11:33 AM
To: Davison, Charles Robert; Y M
Cc: snort-users () lists sourceforge net; Avery Rozar
Subject: Re: Snort PF_Ring Installation

On 07/10/2015 01:17 PM, Davison, Charles Robert wrote:
Ok I found the directory:

you found the default install directory but your listing doesn't appear to show the pfring daq in there... you have to 
go back to first steps where you cloned the repo from git... you ran two "make" commands... the second one is the one 
that should compile the daq module and install it into /usr/local/lib/daq... you need to go back to that second make 
and see if it failed to make the daq module or if it failed to install it...

--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
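
The verification the thread describes (the pfring DAQ files appearing in /usr/local/lib/daq after the build, plus the insmod step having taken effect), written as an added example that is not part of the original messages. The function names, the optional directory and modules-file arguments, and the /proc/modules check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the optional
# arguments are assumptions made so the checks can be pointed at test paths.

# Succeed only if both pfring DAQ files from the thread's listing exist in DIR.
check_daq_dir() {
    dir=${1:-/usr/local/lib/daq}
    missing=0
    for f in daq_pfring.so daq_pfring.la; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Succeed if kernel module NAME is listed (exact match) in /proc/modules.
module_loaded() {
    name=$1
    modules_file=${2:-/proc/modules}
    [ -r "$modules_file" ] || return 2
    awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' "$modules_file"
}

# Run both checks and report which build step to revisit.
verify_pfring() {
    daq_dir=${1:-/usr/local/lib/daq}
    modules_file=${2:-/proc/modules}
    status=0
    if module_loaded pf_ring "$modules_file"; then
        echo "ok: pf_ring kernel module is loaded"
    else
        echo "FAIL: pf_ring is not loaded; revisit the insmod step"
        status=1
    fi
    if check_daq_dir "$daq_dir"; then
        echo "ok: pfring DAQ module present in $daq_dir"
    else
        echo "FAIL: pfring DAQ module missing; rebuild in pfring-daq-module"
        status=1
    fi
    return "$status"
}
```

On the sensor, run `verify_pfring` with no arguments; `snort --daq-dir /usr/local/lib/daq --daq-list` should then include pfring among the available DAQ modules.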
