Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort PF_Ring Installation

From: "Davison, Charles Robert" <cdaviso1 () vols utk edu>
Date: Fri, 10 Jul 2015 19:07:15 +0000
Ok,

So basically ill just browse to those additional directories and do ?

./configure
Make
Make install



From: Y M [mailto:snort () outlook com]
Sent: Friday, July 10, 2015 1:06 PM
To: Davison, Charles Robert
Cc: Avery Rozar; snort-users
Subject: RE: Snort PF_Ring Installation

lib is in userland.
________________________________
From: cdaviso1 () vols utk edu<mailto:cdaviso1 () vols utk edu>
To: snort () outlook com<mailto:snort () outlook com>; wkitty42 () windstream net<mailto:wkitty42 () windstream net>
CC: avery.rozar () i-techsupport com<mailto:avery.rozar () i-techsupport com>; snort-users () lists sourceforge 
net<mailto:snort-users () lists sourceforge net>
Subject: RE: Snort PF_Ring Installation
Date: Fri, 10 Jul 2015 19:03:23 +0000
Thank you this makes sense, but I don't not see a

PF_RING lib
Snort daq

[image003.png@01D0BB0F.F63B4F50]

From: Y M [mailto:snort () outlook com]
Sent: Friday, July 10, 2015 12:32 PM
To: Davison, Charles Robert; waldo kitty
Cc: Avery Rozar; snort-users
Subject: RE: Snort PF_Ring Installation

If you get no errors are generated at the end then it should be ok. This is only for the kernel module. There are 
modules/libraries that also need to be installed to have PF_RING functional. As I mentioned before, there is the lib, 
pfring-daq-module, and drivers (if you want to install them). For each module, you need to go to its respective 
directory and install it.

In the case of the PF_RING daq module, you should do something like:

cd /PF_RING/userland/snort/pfring-daq-module

and then

autoreconf -ivf
./configure
make
make install

The above should install the PF_RING daq modules into /usr/local/lib/daq.

After the above is done, if you ls -l /usr/local/lib/daq, you should see something similar to this (note the last two 
lines):

daq_afpacket.la
daq_afpacket.so
daq_dump.la
daq_dump.so
daq_netmap.la
daq_netmap.so
daq_pcap.la
daq_pcap.so
daq_pfring.la
daq_pfring.so

________________________________
From: cdaviso1 () vols utk edu<mailto:cdaviso1 () vols utk edu>
To: wkitty42 () windstream net<mailto:wkitty42 () windstream net>; snort () outlook com<mailto:snort () outlook com>
CC: Avery.Rozar () i-techsupport com<mailto:Avery.Rozar () i-techsupport com>; snort-users () lists sourceforge 
net<mailto:snort-users () lists sourceforge net>
Subject: RE: Snort PF_Ring Installation
Date: Fri, 10 Jul 2015 18:03:48 +0000
This is what I get with sudo make... so maybe just make will work...?[image001.png@01D0BB0E.352E2FE0]

From: Davison, Charles Robert
Sent: Friday, July 10, 2015 12:02 PM
To: Davison, Charles Robert; waldo kitty; Y M
Cc: Avery Rozar; snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: RE: Snort PF_Ring Installation

This is where I am not now.

PF_Ring Download Instructions
1.        sudo apt-get update
2.        sudo apt-get upgrade
3.        sudo apt-get install libnuma-dev
5.        git clone https://github.com/ntop/PF_RING.git
6.        cd PF_RING/kernel
7.        sudo make install
[image002.png@01D0BB0E.352E2FE0]
10.    sudo insmod ./pf_ring.ko
11.    cd ../userland
12.     sudo make install

From: Davison, Charles Robert [mailto:cdaviso1 () vols utk edu]
Sent: Friday, July 10, 2015 11:40 AM
To: waldo kitty; Y M
Cc: Avery Rozar; snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort PF_Ring Installation

Ok so your saying this might work as long as I can verify it places the daq file in /user/local/lib/daq

PF_Ring Download Instructions
1.        sudo apt-get update
2.        sudo apt-get upgrade
3.        sudo apt-get install libnuma-dev
5.        git clone https://github.com/ntop/PF_RING.git
6.        cd PF_RING/kernel
7.        sudo make install
10.    sudo insmod ./pf_ring.ko
11.    cd ../userland
12.     sudo make install

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net]
Sent: Friday, July 10, 2015 11:33 AM
To: Davison, Charles Robert; Y M
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>; Avery Rozar
Subject: Re: Snort PF_Ring Installation

On 07/10/2015 01:17 PM, Davison, Charles Robert wrote:

Ok I found the directory:


you found the default install directory but your listing doesn't appear to show the pfring daq in there... you have to 
go back to first steps where you cloned the repo from git... you ran two "make" commands... the second one is the one 
that should compile the daq module and install it into /usr/local/lib/daq... you need to go back to that second make 
and see if it failed to make the daq module or if it failed to install it...

--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.


------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: