Snort mailing list archives

RE: How to enable XML Logging in Snort 2.3.2


From: Jitendra Gupta <jitendrakrgupta_snort () yahoo co in>
Date: Tue, 5 Apr 2005 08:43:22 +0100 (BST)

Dear Sir,
         Thanks a lot again for taking interest in my
problem. Here's my output of ./configure --help :-

snort-2.3.2]# ./configure --help|more

`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc.  You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR           user executables [EPREFIX/bin]
  --sbindir=DIR          system admin executables [EPREFIX/sbin]
  --libexecdir=DIR       program executables [EPREFIX/libexec]
  --datadir=DIR          read-only architecture-independent data [PREFIX/share]
  --sysconfdir=DIR       read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR   modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR    modifiable single-machine data [PREFIX/var]
  --libdir=DIR           object code libraries [EPREFIX/lib]
  --includedir=DIR       C header files [PREFIX/include]
  --oldincludedir=DIR    C header files for non-gcc [/usr/include]
  --infodir=DIR          info documentation [PREFIX/info]
  --mandir=DIR           man documentation [PREFIX/man]

Program names:
  --program-prefix=PREFIX            prepend PREFIX to installed program names
  --program-suffix=SUFFIX            append SUFFIX to installed program names
  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]

Optional Features:
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-64bit-gcc    Try to compile 64bit (only tested on Sparc Solaris 9).
  --disable-dependency-tracking Speeds up one-time builds
  --enable-dependency-tracking  Do not reject slow dependency extractors
  --enable-debug          enable debugging options (bugreports and developers only)
  --enable-profile        enable profiling options (developers only)
  --enable-sourcefire      Enable Sourcefire specific build options
  --enable-perfmonitor     Enable perfmonitor preprocessor
  --enable-linux-smp-stats Enable statistics reporting through proc
  --enable-inline         Use the libipq interface for inline snort
  --enable-ipfw            Enable ipfw Divert mode for use with inline
  --enable-flexresp       Flexible Responses on hostile connection attempts

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-libpcap-includes=DIR  libpcap include directory
  --with-libpcap-libraries=DIR  libpcap library directory
  --with-libpcre-includes=DIR  libpcre include directory
  --with-libpcre-libraries=DIR  libpcre library directory
  --with-libnet-includes=DIR   libnet include directory
  --with-libnet-libraries=DIR  libnet library directory
  --with-mysql=DIR        support for mysql
  --with-odbc=DIR         support for odbc
  --with-postgresql=DIR   support for postgresql
  --with-oracle=DIR       support for oracle

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  CPPFLAGS    C/C++ preprocessor flags, e.g. -I<include dir> if you have
              headers in a nonstandard directory <include dir>
  CPP         C preprocessor

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.



 --- Joshua Berry <jberry () PENSON COM> wrote: 
What is the output of ./configure --help?

-----Original Message-----
From: Jitendra Gupta [mailto:jitendrakrgupta_snort () yahoo co in]
Sent: Monday, April 04, 2005 9:23 AM
To: Joshua Berry; snort-users () lists sourceforge net
Subject: RE: [Snort-users] How to enable XML Logging in Snort 2.3.2

Thanks a lot Sir for helping me out but sorry to say
that it didn't work.
When I visited      
 http://aircert.sourceforge.net/libairutil/
             and
 http://aircert.sourceforge.net/libih/

They said :-

libairutil has been merged into libair
             and
libih has been merged into libair

and so I installed only libair. Then, following your
instructions, I did the following steps in order:-

1.      snort-2.3.2]# aclocal-1.7
2.      snort-2.3.2]# autoheader-2.5x
3.      snort-2.3.2]# automake-1.7 --add-missing
4.      snort-2.3.2]# autoconf-2.5x
5.      snort-2.3.2]# ./configure --with-libair=/usr/local/lib/ --with-mysql
        Still ./configure --help did not have any parameter for --with-libair
6.      snort-2.3.2]# make
7.      snort-2.3.2]# make install

Then after editing snort.conf by adding
  output xml: log,file=/var/log/snort/output.xml
above the output database line (I am using MySQL) and running the command
         snort -c snort.conf
I again got the same error
 ERROR:unknown output plugin:'xml'Fatal Error, Quitting..
Please help,
Jitendra



--- Joshua Berry <jberry () PENSON COM> wrote:
After patching snort, you should probably run:
aclocal
autoheader
automake --add-missing
autoconf

Then run ./configure --with-libih --with-libairtutil

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jitendra Gupta
Sent: Saturday, April 02, 2005 4:26 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] How to enable XML Logging in Snort 2.3.2

Hello List,
           I am a newbie to Snort. I have installed
Snort 2.3.2 on Mandrake 9.2 and want to enable XML
logging in it. I have gone through

       http://www.cert.org/kb/snortxml/

but still cannot achieve it. I installed
libairutil 0.2.24 and libair 0.4.30.
Then I rebuilt Snort using
 ./configure --with-libih --with-libairtutil.
But when I did ./configure --help I did not find any
parameter for --with-libih and --with-libairutil. Still
I continued to do make and make install. Then after editing
snort.conf by adding
 output xml: log,file=/var/log/snort/output.xml
above the output database line (I am using MySQL) and
running the command
        snort -c snort.conf
I get the error
ERROR:unknown output plugin:'xml'Fatal Error, Quitting..
Please help me out. I am in deep need of the
solution. If you can suggest any other method, please
suggest.
Thanking You,
Yours Faithfully,
Jitendra




________________________________________________________________________
Yahoo! India Matrimony: Find your life partner online
Go to: http://yahoo.shaadi.com/india-matrimony

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
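
Added example, not part of the original thread and not Snort or AirCERT code: a shell check for the situation reported above, where ./configure was run with --with-libair although ./configure --help listed no such option and the build still completed without the xml output plugin. The help text is a constructed excerpt of the output quoted in the thread, and unknown_flags is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample: the "Optional Packages" section of the ./configure --help
# output quoted in this thread, with the mail line wrapping undone.
HELP_SAMPLE='Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-libpcap-includes=DIR  libpcap include directory
  --with-libpcap-libraries=DIR  libpcap library directory
  --with-mysql=DIR        support for mysql
  --with-odbc=DIR         support for odbc
  --with-postgresql=DIR   support for postgresql
  --with-oracle=DIR       support for oracle'

# unknown_flags HELP_TEXT ARG...   (hypothetical helper, not part of Snort)
# Prints each --with-*/--enable-* ARG whose option name has no entry of its own
# in HELP_TEXT. Other arguments (--prefix=..., VAR=VALUE) are not checked.
unknown_flags() {
    help_text=$1
    shift
    for arg in "$@"; do
        name=${arg%%=*}                      # strip "=value" if present
        case $name in
            --with-*|--enable-*) ;;
            *) continue ;;
        esac
        # An entry is the option name at the start of a help line, followed by
        # "=", "[", whitespace or end of line, so the generic --with-PACKAGE
        # placeholder line never counts as a match for a real package name.
        if ! printf '%s\n' "$help_text" |
            grep -Eq -e "^[[:space:]]*${name}(=|\\[|[[:space:]]|\$)"; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# The arguments from step 5 of the quoted message, checked against the sample.
# Against a real tree: unknown_flags "$(./configure --help)" "$@"
unknown_flags "$HELP_SAMPLE" --with-libair=/usr/local/lib/ --with-mysql
```

Any name it prints is an option the generated configure script does not define, which means the build will not include the corresponding code no matter what value is passed.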


