Snort mailing list archives

Re: Snort PF_Ring Installation


From: "Davison, Charles Robert" <cdaviso1 () vols utk edu>
Date: Fri, 10 Jul 2015 17:17:02 +0000

Ok I found the directory:


So should my install steps look like this?

PF_Ring – Daq-Module Installation


13.    cd /usr/local/lib/daq
14.    autoreconf -ivf (Appears to execute properly.)
15.    ./configure (See attachment for output)
16.    make (See attachment for output)
17.    sudo make install (See attachment for output)


From: Y M [mailto:snort () outlook com]
Sent: Friday, July 10, 2015 11:10 AM
To: Davison, Charles Robert
Cc: snort-users () lists sourceforge net; waldo kitty
Subject: RE: Snort PF_Ring Installation

This directory (path) should be in your PF_RING directory you just cloned from GitHub and not in Snort's tarball.

Compiling the PF_RING daq module should install the daq modules, by default in /usr/local/lib/daq.

_____________________________
From: Davison, Charles Robert <cdaviso1 () vols utk edu>
Sent: Friday, July 10, 2015 8:03 PM
Subject: RE: Snort PF_Ring Installation
To: Y M <snort () outlook com>, waldo kitty <wkitty42 () windstream net>, <snort-users () lists sourceforge net>
Cc: Davison, Charles Robert <cdaviso1 () vols utk edu>


Good Morning,



I have not compiled the PF_RING daq module from ../userland/snort/pfring-daq-module. I'm not sure I have this directory:




Please let me know where and how I would need to place this in the below steps.

From: Davison, Charles Robert [mailto:cdaviso1 () vols utk edu]
Sent: Friday, July 10, 2015 7:11 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort PF_Ring Installation

Good Morning,

I am trying to get PF_Ring from Ntop functional. Please see the below steps I have performed thus far. By the way, my snort installation is functional with BY2, PulledPork, and Snorby. I am running Ubuntu 14.04 (64Bit) and have installed all the prerequisites for this software. I have used the links below for reference towards installing:

Reference:
http://www.ntop.org/get-started/download/#PF_RING
https://github.com/ntop/PF_RING/blob/dev/userland/snort/pfring-daq-module/README.1st
http://www.ntop.org/wp-content/uploads/2011/08/n2disk-UsersGuide1.pdf

The below steps are the exact steps that I have performed on this install.

PF_Ring Download Instructions
1.        sudo apt-get update
2.        sudo apt-get upgrade
3.        sudo apt-get install libnuma-dev
5.        git clone https://github.com/ntop/PF_RING.git
6.        cd PF_RING/kernel
7.        make
10.    sudo insmod ./pf_ring.ko
11.    cd ../userland
12.    make

Everything above works without error. The below steps are where I seem to run into trouble.

PF_Ring – Daq-Module Installation


13.    cd snort_src/daq-2.0.5
14.    autoreconf -ivf (Appears to execute properly.)
15.    ./configure (See attachment for output)
16.    make (See attachment for output)
17.    sudo make install (See attachment for output)

After the PF Ring Daq install is complete I attempt to run snort but receive the output below:

Snort Error:

If you have any suggestions on how I can make this install successful, please let me know.

Thank you,

Charles Davison
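
A post-install check for the two things this thread turns on: the pf_ring kernel module from step 10 being loaded, and a PF_RING DAQ module being present in the DAQ directory. This is an added example, not part of the thread or of the PF_RING or Snort projects; the function names and the `*pfring*.so` file-name pattern are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are parameters so the checks
# can be pointed at a fixture; the defaults follow the thread.

# pf_ring_loaded [MODULES_FILE]
# Succeeds if the pf_ring kernel module (step 10, insmod) is listed.
pf_ring_loaded() {
    modules_file=${1:-/proc/modules}
    [ -r "$modules_file" ] && grep -q '^pf_ring ' "$modules_file"
}

# find_pfring_daq [DAQ_DIR]
# Prints shared objects in DAQ_DIR whose name contains "pfring".
# The name pattern is an assumption. Fails if nothing matches.
find_pfring_daq() {
    daq_dir=${1:-/usr/local/lib/daq}
    found=1
    for f in "$daq_dir"/*pfring*.so; do
        [ -f "$f" ] || continue   # unmatched glob stays literal; skip it
        printf '%s\n' "$f"
        found=0
    done
    return "$found"
}

# check_pfring_install [MODULES_FILE] [DAQ_DIR]
# Runs both checks and reports which install stage is missing.
check_pfring_install() {
    modules_file=${1:-/proc/modules}
    daq_dir=${2:-/usr/local/lib/daq}
    status=0
    if pf_ring_loaded "$modules_file"; then
        echo "ok: pf_ring kernel module is loaded"
    else
        echo "missing: pf_ring not listed in $modules_file (step 10, insmod)"
        status=1
    fi
    if find_pfring_daq "$daq_dir" >/dev/null; then
        echo "ok: PF_RING DAQ module present in $daq_dir"
    else
        echo "missing: no *pfring*.so in $daq_dir"
        echo "  build it from PF_RING/userland/snort/pfring-daq-module"
        status=1
    fi
    return "$status"
}
```

Source the file and run `check_pfring_install` with no arguments to check the live system.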

