Re: Snort + PF_RING + DAQ

[livio Ricciulli <livio () metaflows com>]

The instructions on the pdf on the Snort site were outdated; sorry.
Both https://www.metaflows.com/technology/pf-ring/
and the included pdf should work.
Make sure you do

yum -y install libdnet kernel-devel libtool subversion automake make 
autoconf pcre-devel flex bison byacc gcc zlib-devel gcc-c++

before doing anything else.

We do not use the latest versions of PF_RING and daq because they keep 
changing too quickly
for us to do proper QA. The combination of versions in our instructions 
seem to be extremely stable.. If you
want to venture with the latest versions, please let us know how it goes..

Livio.

On 08/29/2012 12:12 PM, Eric Luellen wrote:
> Hello,
>
> I've been playing around with PR_RING lately on Snort and haven't had 
> a whole lot of luck. I've followed the instructures found here 
> <http://www.snort.org/assets/186/PF_RING_Snort_Inline_Instructions.pdf> with 
> minimal success. I've ran into various compile errors and it always 
> seems to be around the pfring-daq-module. Are there any prebuilt RPMs 
> or updated instructions using the latest version of all of the 
> programs in question? I've tried a few combinations and have read how 
> some of the older DAQ versions are no longer supported and others have 
> had issues with the newer version. So any help or links to new guides 
> would be greatly appreciated.
>
> Eric
>
>
> --
>   The sender of this email subscribes to Perimeter E-Security's email
>   anti-virus service. This email has been scanned for malicious code and is
>   believed to be virus free. For more information on email security please
>   visit: http://www.perimeterusa.com/services/messaging
>   This communication is confidential, intended only for the named recipient(s)
>   above and may contain trade secrets or other information that is exempt from
>   disclosure under applicable law. Any use, dissemination, distribution or
>   copying of this communication by anyone other than the named recipient(s) is
>   strictly prohibited. If you have received this communication in error, please
>   delete the email and immediately notify our Command Center at 203-541-3444.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

Attachment: PF_RING Snort Inline Instructions_daq_062.pdf
Description:

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!