Snort mailing list archives
Re: ERROR: Can't find pcap DAQ!
From: Russ Combs <rcombs () sourcefire com>
Date: Mon, 16 Jan 2012 12:02:55 -0500
On Sat, Jan 14, 2012 at 10:13 AM, Jonathan S. Abrams < jonathansabrams () gmail com> wrote:
On Wed, Jan 11, 2012 at 9:24 AM, Russ Combs <rcombs () sourcefire com> wrote:On Fri, Jan 6, 2012 at 9:43 PM, Jonathan S. Abrams < jonathansabrams () gmail com> wrote:Thanks for the suggestion. I discovered that I need to run this command to avoid the error message. sudo snort -de -i en0 --daq-dir /usr/local/lib/daq I took a look in the readme that comes with daq 0.6.2, and it is installed where the readme says it would be. Is it a problem that daq is installed in /usr/local/lib/daq? Will Snort not work without the option above in all commands? If this is a problem that will prevent Snort from working, what is the best way to resolve it?--daq-dir is not required if the static DAQ is built. Your config.log will probably have a clue as to why that wasn't built.After Googling the above tip, I found http://vrt-blog.snort.org/2010/08/snort-29-essentials-daq.html. I recompiled snort using the following command. ./configure --with-daq-includes=/usr/local/include/ --with-daq-libraries=/usr/local/lib/ Now when I execute sudo snort -de -i en0, I do not receive an error. However, I am using Snort with OSX. Here's a bit of text from the INSTALL file that is included with Snort. -- * Open BSD / Free BSD / MAC OSX ------------------------------- For Open BSD and some versions of Free BSD, use the --disable-static-daq option to Snort's configure script. This is a work-around to an issue with building shared libraries that link against a static library. Without this option to configure, libsf_engine.so and the dynamic preprocessors may not be built correctly. -- Is OSX lumped in here because it has roots in these other BSDs? Does this issue of building shared libraries that link against a static library really exist on OSX? Since I did NOT use the --disable-static-daqoption, is there a way to verify that libsf_engine.so and the dynamic preprocessors were built correctly? Thanks for reading!
They all had the same problem initially. I think we've tweaked it some since that was written though. If your Snort builds and runs, you are good to go. We will revisit that and update the documentation accordingly. Thanks.
------------------------------------------------------------------------------ RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 06)
- Message not available
- Re: ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 06)
- Re: ERROR: Can't find pcap DAQ! Russ Combs (Jan 11)
- Re: ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 14)
- Re: ERROR: Can't find pcap DAQ! Russ Combs (Jan 16)
- Re: ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 06)
- Message not available