Re: Snortsam

[Frank Knobbe <fknobbe () knobbeits com>]

On Fri, 2002-10-25 at 09:22, Slighter, Tim wrote:
> Question about the latest Snortsam that is availabe on the snort.org site
> as:
> <http://www.snort.org/dl/contrib/patches/snortsam/snortsam-plugin.tar.gz>
> snortsam-plugin.tar.gz
> Does anyone have experience with working with this particular build ?  IIf
> so, can someone tell me how they patched this onto an existing snort 1.9.0
> build or if a recompile was required ? 

Tim,

the patch was build against the tarball source of 1.9. In order to
include the plugin, cane into the snort_1_9/src directory of the Snort
source and run patch < <path-to-patch>. Then recompile Snort.

If you do get any rejects during patch, most of the time they are on teh
Makefiles, which can easily be corrected by hand.

> Any known issues or bugs with this
> plugin ?  Otherwise, do any of the snortsam builds for OPSEC and snort 1.9.0
> beta work with the actual snort 1.9.0 release ?  Any tips, suggestion and
> advice would be greatly appreciated.  Thanks

I'm not quite what you mean with 1.9 beta. The Snortsam plugin patches
are build against the current available sources of Snort 1.8 and 1.9.
The Snort 2.0 version is not supported at this time since it is way too
much in flux.


Second email:
On Fri, 2002-10-25 at 09:26, Slighter, Tim wrote:
> What are the current platforms supported for the agent ?  Would it be
safe
> to assume that the agent will run on the stripped down BSD OS on a
Nokia
> running Checkpoint NG ?  Anyone had any experience or success with
this ?


The agent should run on anything you can compile it on. Successes have
been reported on Windows NT4, Windows 2000, FreeBSD, Linux, and Solaris.
I'm not sure about the Nokia as I consider this more of an appliance and
less of an OS. You can run the SnortSam agent on a BSD box close to the
Nokia.


Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part