Snort mailing list archives
Re: ERROR: Can't find pcap DAQ!
From: "Jonathan S. Abrams" <jonathansabrams () gmail com>
Date: Sat, 14 Jan 2012 10:13:54 -0500
On Wed, Jan 11, 2012 at 9:24 AM, Russ Combs <rcombs () sourcefire com> wrote:
On Fri, Jan 6, 2012 at 9:43 PM, Jonathan S. Abrams < jonathansabrams () gmail com> wrote:Thanks for the suggestion. I discovered that I need to run this command to avoid the error message. sudo snort -de -i en0 --daq-dir /usr/local/lib/daq I took a look in the readme that comes with daq 0.6.2, and it is installed where the readme says it would be. Is it a problem that daq is installed in /usr/local/lib/daq? Will Snort not work without the option above in all commands? If this is a problem that will prevent Snort from working, what is the best way to resolve it?--daq-dir is not required if the static DAQ is built. Your config.log will probably have a clue as to why that wasn't built.
After Googling the above tip, I found http://vrt-blog.snort.org/2010/08/snort-29-essentials-daq.html. I recompiled snort using the following command. ./configure --with-daq-includes=/usr/local/include/ --with-daq-libraries=/usr/local/lib/ Now when I execute sudo snort -de -i en0, I do not receive an error. However, I am using Snort with OSX. Here's a bit of text from the INSTALL file that is included with Snort. -- * Open BSD / Free BSD / MAC OSX ------------------------------- For Open BSD and some versions of Free BSD, use the --disable-static-daq option to Snort's configure script. This is a work-around to an issue with building shared libraries that link against a static library. Without this option to configure, libsf_engine.so and the dynamic preprocessors may not be built correctly. -- Is OSX lumped in here because it has roots in these other BSDs? Does this issue of building shared libraries that link against a static library really exist on OSX? Since I did NOT use the --disable-static-daq option, is there a way to verify that libsf_engine.so and the dynamic preprocessors were built correctly? Thanks for reading!
------------------------------------------------------------------------------ RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 06)
- Message not available
- Re: ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 06)
- Re: ERROR: Can't find pcap DAQ! Russ Combs (Jan 11)
- Re: ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 14)
- Re: ERROR: Can't find pcap DAQ! Russ Combs (Jan 16)
- Re: ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 06)
- Message not available