[Snort-users] Libnet & 'resp'

Brent Kearney brent at ...2359...
Wed Jun 20 18:35:09 EDT 2001


On Wed, Jun 20, 2001 at 02:14:32PM -0700, Joe McAlerney wrote:
> Hello Brent,
> 
> Make sure you configure snort with the --enable-flexresp tag, then
> recompile.  Post back if you still have problems.
> 
> -Joe M.
> 
> -- 
> |   Joe McAlerney     joey at ...155...   |
> | Silicon Defense - Technical Support for Snort |
> |       http://www.silicondefense.com/          |
> +--                                           --+

Thanks for your prompt answer.  This is a bit difficult, as there is
no compiler on this box.  I tried compiling it on a different machine
(after installing libpcap, etc), but I'm having some troubles; the
"configure" script automatically selects 'gcc'.  How do I choose Sun's
'cc' instead?

Does anyone know of a (preferably statically linked) binary package
for Solaris that has the --enable-flexresp option turned on?

Many thanks,

Brent


 
> Brent Kearney wrote:
> > 
> > Hello,
> > 
> > I have installed Libnet 1.0.2a on a solaris 2.7 box that is
> > running snort 1.7.  After adding a rule,
> > 
> > alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (logto:"/var/log/snort/lp.log"; resp:rst_all,icmp_port; msg:"l
> > p service is protected. Connection attempt logged.";)
> > 
> > Snort refuses to start:
> > 
> > snort -A full -c /usr/local/etc/snort.conf -i le0 -l /var/log/snort -v
> > 
> >         --== Initializing Snort ==--
> > 
> > Initializing Network Interface le0
> > Decoding Ethernet on interface le0
> > Initializing Preprocessors!
> > Initializing Plug-ins!
> > Initializating Output Plugins!
> > 
> > +++++++++++++++++++++++++++++++++++++++++++++++++++
> > Initializing rule chains...
> > 
> > ERROR: /usr/local/etc/snort.conf (77) => Unknown keyword "resp" in rule!
> > 
> > Any suggestions would be appreciated.  Please CC: brent at ...2359...,
> > because I'm not on the list.
> > 
> > Thanks,
> > 
> > -Brent
> > 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list