Re: Snort 2.9 Setup Guide

[Andersen Klaus <klaus.andersen () mfa no>]

From: David Gullett [mailto:dgullett () symmetrixtech com]
Sent: Tuesday, October 19, 2010 3:04 AM
To: snort-users
Subject: [Snort-users] Snort 2.9 Setup Guide

Hey, I posted a Snort 2.9 setup guide for Ubuntu 10.04 LTS last week.  For those that care, you can access the PDF 
here: http://www.symmetrixtech.com/articles/008-snortinstallguide290.html

Any complaints, suggestions, excoriations etc are welcomed and encouraged.  Randal, I bet you have a shot or two 
(seriously, just kidding...)

Regards,
David Gullett | Symmetrix Technologies
dgullett () symmetrixtech com<mailto:dgullett () symmetrixtech com>
106 N. Denton Tap Road, Suite 210-262 | Coppell, TX  75019


Hi David,



I ran into two problems when I followed the installation guide you published.



When I tested the installation snort exited with an error:



/usr/local/snort/bin/snort: error while loading shared libraries:

libsfbpf.so.0: cannot open shared object file: No such file or directory



I found a forum post on this issue:



https://forums.snort.org/forums/snort-newbies/topics/libdnet-not-found



When I run the commands described there as root, (# LD_LIBRARY_PATH=/usr/local/lib, # export LD_LIBRARY_PATH) Snort 
initializes properly.



I have not found out how to make this change permanent, so any suggestions on how to do this would be appreciated.



The second issue I had, was that Snortreport did not show any alerts, only a warning that said “No data”. I think you 
have helped other users with this error before cf. 
http://readlist.com/lists/lists.sourceforge.net/snort-users/1/7254.html When I followed the advice given here, Snort 
and Snortreport both work.



I installed Snort with Snortreport on a VM and only for testing purposes. So I did not do the "Setting up the network 
cards" part, nor configure the "rc.local" file to start Snort automatically. Otherwise I followed the installation 
guide step by step.



I also had a brief look at the new version of Snortreport on you demo site. I do not know how it compares to BASE in 
functionality or use, since I have not come around to installing BASE yet. I am going to test Snort with Snortreport 
more as I think it looks promising as a front end to snort.





Regards,

Klaus Andersen





------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users