Snort mailing list archives

Re: Snort PF_Ring Installation

From: Y M <snort () outlook com>
Date: Fri, 10 Jul 2015 17:26:31 +0000

From the directory listing, you don't have the PF_RING daq module compiled and installed.

In general, install steps can be as follows:1. PF_RING Kernal.2. PF_RING lib3. Snort daq4. PF_RING daq
For PF_RING daq module, you should do something like
cd /PF_RING/userland/snort/pfring-daq-module
and then compile and install. This step will result in the new PF_RING daq modules placed in the directory 
/use/local/lib/daq.

From: cdaviso1 () vols utk edu
To: snort () outlook com
CC: snort-users () lists sourceforge net; wkitty42 () windstream net; Avery.Rozar () i-techsupport com
Subject: RE: Snort PF_Ring Installation
Date: Fri, 10 Jul 2015 17:17:02 +0000

Ok I found the directory:

So should my install steps look like this?

PF_Ring – Daq-Module Installation 

13.    cd /user/local/lib/daq
14.    autoreconf –ivf (Appears to execute properly.)
15.    ./configure (See attachment for output)
16.    make (See attachment for output)
17.    sudo make install (See attachment for output)

From: Y M [mailto:snort () outlook com] 

Sent: Friday, July 10, 2015 11:10 AM

To: Davison, Charles Robert

Cc: snort-users () lists sourceforge net; waldo kitty

Subject: RE: Snort PF_Ring Installation

This directory (path) should be in your PF_RING directory you just cloned from GitHub and not in Snort's tarball.

Compiling PF_RING daq module should install the daq modules, by default in /use/local/lib/daq.

_____________________________

From: Davison, Charles Robert <cdaviso1 () vols utk edu>

Sent: Friday, July 10, 2015 8:03 PM

Subject: RE: Snort PF_Ring Installation

To: Y M <snort () outlook com>, waldo kitty <wkitty42 () windstream net>, <snort-users () lists sourceforge net>

Cc: Davison, Charles Robert <cdaviso1 () vols utk edu>

Good Morning,

I have not compiled the PF_RING daq module from ../userland/snort/pfring-daq-module. Im not sure I have this directory:

Please let me know where and how I would need to place this in the below steps.

From: Davison, Charles Robert [mailto:cdaviso1 () vols utk edu]

Sent: Friday, July 10, 2015 7:11 AM

To: snort-users () lists sourceforge net

Subject: [Snort-users] Snort PF_Ring Installation

Good Morning,

I am trying to get PF_Ring from Ntop functional. Please see the below steps I have performed thus far. By the way my 
snort installation is functional with BY2, PulledPork, and Snorby. I am running Ubuntu 14.04 (64Bit) and have install 
all
 the prerequisites for this software. I have used the links below for reference towards installing:

Reference:

http://www.ntop.org/get-started/download/#PF_RING
https://github.com/ntop/PF_RING/blob/dev/userland/snort/pfring-daq-module/README.1st
http://www.ntop.org/wp-content/uploads/2011/08/n2disk-UsersGuide1.pdf

The below steps are the exact steps that I have performed on this install.

PF_Ring Download Instructions  
1.        sudo apt-get update 
2.        sudo apt-get upgrade 
3.        sudo apt-get install libnuma-dev 
5.        git clone 
https://github.com/ntop/PF_RING.git 
6.        cd PF_RING/kernel 
7.        make 
10.    sudo insmod ./pf_ring.ko 
11.    cd ../userland 
12.    make 

Everything above works without error. The below steps are where I seem to run into trouble.

PF_Ring – Daq-Module Installation 

13.    cd snort_src/daq-2.0.5
14.    autoreconf –ivf (Appears to execute properly.)
15.    ./configure (See attachment for output)
16.    make (See attachment for output)
17.    sudo make install (See attachment for output)

After the PF Ring Daq install is complete I attempt to run snort but receive the output below:

Snort Error: 

If you have any suggestions on how I can make this install successful please let me know.

Thank you,

Charles Davison

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort PF_Ring Installation Davison, Charles Robert (Jul 10)
- Re: Snort PF_Ring Installation Y M (Jul 10)
  - Re: Snort PF_Ring Installation waldo kitty (Jul 10)
- Re: Snort PF_Ring Installation Davison, Charles Robert (Jul 10)
  - Re: Snort PF_Ring Installation Y M (Jul 10)
    - Re: Snort PF_Ring Installation Davison, Charles Robert (Jul 10)
    - Re: Snort PF_Ring Installation Y M (Jul 10)
    - Re: Snort PF_Ring Installation waldo kitty (Jul 10)
    - Re: Snort PF_Ring Installation Davison, Charles Robert (Jul 10)
    - Re: Snort PF_Ring Installation Davison, Charles Robert (Jul 10)
    - Re: Snort PF_Ring Installation Davison, Charles Robert (Jul 10)
    - Re: Snort PF_Ring Installation Y M (Jul 10)
    - Re: Snort PF_Ring Installation Davison, Charles Robert (Jul 10)
    - Re: Snort PF_Ring Installation Y M (Jul 10)
    - Re: Snort PF_Ring Installation Davison, Charles Robert (Jul 10)
    - Re: Snort PF_Ring Installation Davison, Charles Robert (Jul 23)
    - FW: Snort PF_Ring Installation Davison, Charles Robert (Jul 23)

(Thread continues...)