Snort mailing list archives
Re: Snort3 and CentOS build issues
From: SheHas Noname via Snort-users <snort-users () lists snort org>
Date: Fri, 4 Oct 2019 16:44:19 +0000
Thanks for your help everyone
________________________________
From: Russ Combs (rucombs) <rucombs () cisco com>
Sent: Friday, October 4, 2019 8:05:30 AM
To: SheHas Noname <hannie_nerd () outlook com>; snort-users () lists snort org <snort-users () lists snort org>
Subject: Re: [Snort-users] Snort3 and CentOS build issues
Snort 3 does not currently support CentOS. Other more up-to-date distros should be no problem.
Hyperscan is optional but highly recommended for best performance.
From: Snort-users <snort-users-bounces () lists snort org> on behalf of SheHas Noname via Snort-users <snort-users ()
lists snort org>
Reply-To: SheHas Noname <hannie_nerd () outlook com>
Date: Thursday, October 3, 2019 at 7:51 PM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] Snort3 and CentOS build issues
1. I am following the Snort3 install guide for CentOS.
*
https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/140/original/Snort_3_on_CentOS_7.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20191003%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20191003T231326Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=5c55a4addc66cf7ece0b470017c6fc53d710aa38c6aa95fd924db50fa7452bb3
1. My install errors out during snort3 build compilation. This is after all dependencies and extra features have
been installed. Step III, below, is where all the compilation errors occur.
i. Proceed with installing Snort 3.
ii. # cd build/
iii. # make –j 8
1. Is CentOS not supported? I am curious because I found Xiche mentioned the following:
* You need the latest libdaq code from the libdaq repository, but we don't support CentOS/RHEL7 for multiple
reasons right now (potentially ever).
* I have tried the latest libdaq code but it didn’t help, unless I’m doing something wrong?
1. Is Hyperscan a potential issue that I saw amongst one of the many forums I’ve scoured?
1. Has anyone had this issue and got it remediated? If so, I would love some guidance.
Logs below: <snippet>
/sources/snort3/build # make -j 8
[ 0%] Building CXX object src/codecs/root/CMakeFiles/root_codecs.dir/cd_eth.cc.o
[ 0%] Building CXX object src/codecs/misc/CMakeFiles/misc_codecs.dir/cd_icmp4_ip.cc.o
[ 0%] Building CXX object src/codecs/link/CMakeFiles/link_codecs.dir/cd_vlan.cc.o
[ 0%] Built target tcp_connector
[ 0%] Building CXX object src/actions/CMakeFiles/ips_actions.dir/actions.cc.o
[ 0%] Building CXX object src/actions/CMakeFiles/ips_actions.dir/act_replace.cc.o
[ 1%] Built target control
[ 1%] Built target codecs
[ 1%] Building CXX object src/codecs/ip/CMakeFiles/ip_codecs.dir/cd_ipv4.cc.o
/home/[user]/sources/snort3/src/codecs/root/cd_eth.cc:25:21: fatal error: daq_dlt.h: No such file or directory
#include <daq_dlt.h>
^
compilation terminated.
[ 1%] Building CXX object src/codecs/misc/CMakeFiles/misc_codecs.dir/cd_user.cc.o
/home/[user]/sources/snort3/src/codecs/ip/cd_ipv4.cc:26:21: fatal error: daq_dlt.h: No such file or directory
#include <daq_dlt.h>
^
compilation terminated.
make[2]: *** [src/codecs/root/CMakeFiles/root_codecs.dir/cd_eth.cc.o] Error 1
make[1]: *** [src/codecs/root/CMakeFiles/root_codecs.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....
[ 1%] Building CXX object src/detection/CMakeFiles/detection.dir/context_switcher.cc.o
[ 1%] Building CXX object src/actions/CMakeFiles/ips_actions.dir/act_react.cc.o
make[2]: *** [src/codecs/ip/CMakeFiles/ip_codecs.dir/cd_ipv4.cc.o] Error 1
make[1]: *** [src/codecs/ip/CMakeFiles/ip_codecs.dir/all] Error 2
[ 1%] Building CXX object src/detection/CMakeFiles/detection.dir/detect.cc.o
In file included from /home/[user]/sources/snort3/src/codecs/misc/cd_user.cc:26:0:
/home/[user]/sources/snort3/daqs/daq_user.h:49:5: error: ‘DAQ_Msg_h’ does not name a type
DAQ_Msg_h msg;
^
In file included from /home/[user]/sources/snort3/src/codecs/misc/cd_user.cc:28:0:
/home/[user]/sources/snort3/src/packet_io/sfdaq.h:67:23: error: ‘DAQ_Msg_h’ has not been declared
static int inject(DAQ_Msg_h, int rev, const uint8_t* buf, uint32_t len);
^
In file included from /home/[user]/sources/snort3/src/codecs/misc/cd_user.cc:29:0:
/home/[user]/sources/snort3/src/packet_io/sfdaq_instance.h:45:15: error: ‘DAQ_Config_h’ has not been declared
bool init(DAQ_Config_h, const std::string& bpf_string);
^
/home/[user]/sources/snort3/src/packet_io/sfdaq_instance.h:52:5: error: ‘DAQ_RecvStatus’ does not name a type
DAQ_RecvStatus receive_messages(unsigned max_recv);
^
/home/[user]/sources/snort3/src/packet_io/sfdaq_instance.h:53:5: error: ‘DAQ_Msg_h’ does not name a type
DAQ_Msg_h next_message()
^
/home/[user]/sources/snort3/src/packet_io/sfdaq_instance.h:59:26: error: ‘DAQ_Msg_h’ has not been declared
int finalize_message(DAQ_Msg_h msg, DAQ_Verdict verdict);
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Snort3 and CentOS build issues SheHas Noname via Snort-users (Oct 03)
- Re: Snort3 and CentOS build issues Y M via Snort-users (Oct 04)
- Re: Snort3 and CentOS build issues Dorian ROSSE via Snort-users (Oct 04)
- <Possible follow-ups>
- Re: Snort3 and CentOS build issues Russ Combs (rucombs) via Snort-users (Oct 04)
- Re: Snort3 and CentOS build issues SheHas Noname via Snort-users (Oct 04)