Re: Error using latest ruleset with Snort++

[Russ via Snort-users <snort-users () lists snort org>]

Yes 4.4.0 is the minimum now, but luckily you don't need any of those 
other packages.  However, you do need to patch hyperscan's build foo to 
get around sqlite3.  Use the attached patch in your top-level hyperscan 
directory per the following and rebuild:

    patch -p1 < hs_no_sqlite3.diff

On 7/15/17 8:26 AM, Jim Campbell wrote:
> Russ,
>
> I found why Snort 3 isn't picking up hyperscan. Noah's cookbook for 
> installing Snort 3 has me getting hyperscan 4.2.0 but Snort is 
> checking to see if 4.4.0 is installed.
>
> I attempted to install hyperscan 4.4.0 but CMake is looking for three 
> prerequisites that I don't want to pursue now because it is past 
> midnight. The three prereqs are Doxygen, Spinx and sqlite3. CMake 
> whined about the first two but absolutely refused to go on for lack of 
> sqlite3. I'll try to fix after a night's sleep.
>
> Jim
>
> On 7/14/2017 5:16 PM, Russ wrote:
> > 4.  Your gid:138 rules are rejected by Snort 3 because you need 
> > hyperscan for sd_pattern.  That is available for Intel platforms from 
> > https://github.com/01org/hyperscan.
> --
> "We are not human beings having a spiritual experience;
> we are spiritual beings having a human experience."
> ---Pierre Teilhard de Chardin
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

Attachment: hs_no_sqlite3.diff
Description:

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!