Snort mailing list archives
Re: Problem to configure DAQ on SNORT
From: Y M <snort () outlook com>
Date: Fri, 13 Sep 2013 12:15:13 +0300
Have you tried compiling/using rpms (if available) of the following:

libnetfilter_queue-devel
libnfnetlink
libnfnetlink-devel

Looking at your output:

checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no

Some google searching and got below rpms (never tested them myself, or if they are available):

x86:
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnetfilter_queue-0.0.15-1.i386.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnetfilter_queue-devel-0.0.15-1.i386.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-0.0.30-1.i386.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/i386/libnfnetlink-devel-0.0.30-1.i386.rpm

x86_64:
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-0.0.15-1.x86_64.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-devel-0.0.15-1.x86_64.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-0.0.30-1.x86_64.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnfnetlink-devel-0.0.30-1.x86_64.rpm

Finally, Snort will work just fine alerting on "alert" rules while running inline and dropping packets with "drop" rules.

YM

________________________________
From: Kelevra Slevin<mailto:kelevra19 () gmail com>
Sent: 9/13/2013 4:51 AM
To: Safwat<mailto:safwat1242 () gmail com>
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Problem to configure DAQ on SNORT

I already searched for a solution to this problem on CentOS, but I barely found anything, and what I found is for another OS.
If someone knows a way to redirect to another lib, like libnetfilter_contrack, I would appreciate the help.
One more thing, with this config will Snort work properly as an IDS?

On Thu, Sep 12, 2013 at 5:42 PM, Safwat <safwat1242 () gmail com> wrote:
We also have the same problem, and could not find a solution.

From: Kelevra Slevin [mailto:kelevra19 () gmail com]
Sent: Thursday, September 12, 2013 4:37 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Problem to configure DAQ on SNORT

I'm new to using Snort and I'm having a problem compiling DAQ with the nfq module. At first I will use it as an IDS to get used to Snort, but in the future I would like to use Snort as an IPS in inline mode. I use CentOS 6.

After a google search I installed some recommended libs using these commands:

yum install libnfnetlink*
yum install libnetfilter_contrack*

The ./configure of daq:

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1966080
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... no
checking if : is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for visibility support... yes
checking CFLAGS for gcc -Wall... -Wall
checking CFLAGS for gcc -Wwrite-strings... -Wwrite-strings
checking CFLAGS for gcc -Wsign-compare... -Wsign-compare
checking CFLAGS for gcc -Wcast-align... -Wcast-align
checking CFLAGS for gcc -Wextra... -Wextra
checking CFLAGS for gcc -Wformat... -Wformat
checking CFLAGS for gcc -Wformat-security... -Wformat-security
checking CFLAGS for gcc -Wno-unused-parameter... -Wno-unused-parameter
checking CFLAGS for gcc -fno-strict-aliasing... -fno-strict-aliasing
checking CFLAGS for gcc -fdiagnostics-show-option... -fdiagnostics-show-option
checking CFLAGS for gcc -pedantic -std=c99 -D_GNU_SOURCE... -pedantic -std=c99 -D_GNU_SOURCE
checking for getaddrinfo... yes
checking for flex... flex
checking for flex 2.4 or higher... yes
checking for bison... bison
checking linux/if_ether.h usability... yes
checking linux/if_ether.h presence... yes
checking for linux/if_ether.h... yes
checking linux/if_packet.h usability... yes
checking linux/if_packet.h presence... yes
checking for linux/if_packet.h... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_lib_version in -lpcap... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
checking for linux/netfilter.h... (cached) yes
checking for pcap.h... (cached) yes
checking for pcap_lib_version... checking for pcap_lib_version in -lpcap... (cached) yes
checking for libpcap version >= "1.0.0"... yes
checking for dlopen in -ldl... yes
checking for inttypes.h... (cached) yes
checking for memory.h... (cached) yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking for netinet/in.h... (cached) yes
checking for stdint.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking for inline... inline
checking for size_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for uint8_t... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking for sys/param.h... (cached) yes
checking for getpagesize... yes
checking for working mmap... yes
checking for gethostbyname... yes
checking for getpagesize... (cached) yes
checking for memset... yes
checking for munmap... yes
checking for socket... yes
checking for strchr... yes
checking for strcspn... yes
checking for strdup... yes
checking for strerror... yes
checking for strrchr... yes
checking for strstr... yes
checking for strtoul... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating api/Makefile
config.status: creating os-daq-modules/Makefile
config.status: creating os-daq-modules/daq-modules-config
config.status: creating sfbpf/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

Build AFPacket DAQ module.. : yes
Build Dump DAQ module...... : yes
Build IPFW DAQ module...... : yes
Build IPQ DAQ module....... : no
Build NFQ DAQ module....... : no
Build PCAP DAQ module...... : yes

Thanks in advance,
SK
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
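The diagnosis made in the reply above (find the failed header probes, then the DAQ modules that configure skipped) as an added shell example; it is not from the thread or from the DAQ project. The sample input is constructed from lines of the quoted configure output, and the function names and the NFQ-to-package mapping (taken from the packages the reply names) are assumptions.

```shell
#!/bin/sh
# Constructed sample: lines copied from the configure output quoted in the thread.
sample_configure_output() {
cat <<'EOF'
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
Build AFPacket DAQ module.. : yes
Build IPFW DAQ module...... : yes
Build IPQ DAQ module....... : no
Build NFQ DAQ module....... : no
Build PCAP DAQ module...... : yes
EOF
}

# Names of DAQ modules whose summary line ends in ": no".
skipped_modules() {
    sed -n 's/^Build \([A-Za-z]*\) DAQ module[. ]*: no$/\1/p'
}

# Headers whose final "checking for <header>... no" probe failed.
missing_headers() {
    sed -n 's/^checking for \([^ ]*\.h\)\.\.\. no$/\1/p'
}

# Assumption: the package names for NFQ are the ones suggested in the reply;
# the thread names no packages for the other modules.
suggest_packages() {
    case "$1" in
        NFQ) echo "libnetfilter_queue-devel libnfnetlink-devel" ;;
    esac
}

# Read configure output on stdin and report what blocks inline (NFQ/IPQ) capture.
diagnose() {
    out=$(cat)
    for mod in $(printf '%s\n' "$out" | skipped_modules); do
        pkgs=$(suggest_packages "$mod")
        echo "$mod: not built${pkgs:+; install: $pkgs}"
    done
    printf '%s\n' "$out" | missing_headers | sed 's/^/missing header: /'
}

sample_configure_output | diagnose
```

In the DAQ source tree, real output can be piped through it with `./configure 2>&1 | diagnose`; rerunning it after installing packages shows whether the NFQ line is still reported.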
Current thread:
- Problem to configure DAQ on SNORT Kelevra Slevin (Sep 12)
- Re: Problem to configure DAQ on SNORT Safwat (Sep 13)
- Re: Problem to configure DAQ on SNORT Kelevra Slevin (Sep 12)
- <Possible follow-ups>
- Re: Problem to configure DAQ on SNORT Y M (Sep 13)
- Re: Problem to configure DAQ on SNORT Kelevra Slevin (Sep 13)
- Re: Problem to configure DAQ on SNORT vpiserchia () gmail com (Sep 13)
- Re: Problem to configure DAQ on SNORT Kelevra Slevin (Sep 13)
- Re: Problem to configure DAQ on SNORT Safwat (Sep 13)