[Snort-users] Compiling snort-1.8.2 with snmp support

Kyley.Stabenow at ...4009... Kyley.Stabenow at ...4009...
Mon Nov 5 16:32:49 EST 2001


use the flags ./configure --with-snmp -with-openssl

that should work....

Kyle Stabenow
kyley.stabenow at ...4009...




   Send Snort-users mailing list submissions to
            snort-users at lists.sourceforge.net

   To subscribe or unsubscribe via the World Wide Web, visit
            https://lists.sourceforge.net/lists/listinfo/snort-users
   or, via email, send a message with subject or body 'help' to
            snort-users-request at lists.sourceforge.net

   You can reach the person managing the list at
            snort-users-admin at lists.sourceforge.net

   When replying, please edit your Subject line so it is more specific
   than "Re: Contents of Snort-users digest..."


   Today's Topics:

      1. Compiling snort-1.8.2 with snmp support (Michael Aylor)
      2. Rules bringed with 1.8.2 (Federico)
      3. Acid X portscan (Alex Rodrigues)
      4. New 1.8.2 Win32 Install (SkatFiend at ...661...)
      5. Re: barnyard (Andrew R. Baker)
      6. 1.8.2 problem (Richard Silver)
      7. Re: Rules bringed with 1.8.2 (Chris Green)
      8. RE: Compiling snort-1.8.2 with snmp support (Robert D. Hughes)

   --__--__--

   Message: 1
   From: Michael Aylor <maylor at ...1991...>
   To: "'snort-users at lists.sourceforge.net'"
             <snort-users at lists.sourceforge.net>
   Date: Mon, 5 Nov 2001 09:11:49 -0600
   Subject: [Snort-users] Compiling snort-1.8.2 with snmp support

   This message is in MIME format. Since your mail reader does not
   understand
   this format, some or all of this message may not be legible.

   ------_=_NextPart_001_01C1660C.311C1810
   Content-Type: text/plain;
            charset="iso-8859-1"

   Hey all,

   Apologies if this question has already been asked and answered...

   I'm trying to compile snort-1.8.2 on a RH7.1 box.  I've compiled and
   installed ucd-snmp-4.2.2 from source, and subsequently editted the
   /etc/ld.so.conf file to include the path /usr/local/lib (and after
   saving, I
   run ldconfig).  When I begin the snort config, I use the switches
   "./configure --with-mysql --with-snmp".  I know that the mysql portion
   works
   because if I just use the --with-mysql and not --with-snmp, it works
   fine.

   It then runs through the config with no errors.  I then run make, and
   this
   is the output it gives me.

   gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/pcap
   -I/usr/include/mysql
   -DENABLE_MYSQL -I/usr/local/include -DENABLE_SNMP  -g -O2 -Wall -c
   spo_log_null.c
   gcc  -g -O2 -Wall -L/usr/lib/mysql -L/usr/local/lib  -o snort  snort.o
   log.o
   decode.o mstring.o rules.o plugbase.o sp_pattern_match.o
   sp_tcp_flag_check.o
   sp_icmp_type_check.o sp_icmp_code_check.o sp_ttl_check.o
   sp_ip_id_check.o
   sp_tcp_ack_check.o sp_tcp_seq_check.o sp_dsize_check.o spp_http_decode.o
   spp_portscan.o sp_ipoption_check.o sp_rpc_check.o sp_icmp_id_check.o
   sp_icmp_seq_check.o sp_respond.o spo_alert_syslog.o spo_log_tcpdump.o
   spo_database.o sp_session.o spp_defrag.o parser.o spo_alert_fast.o
   spo_alert_full.o spo_alert_smb.o spo_alert_unixsock.o sp_react.o
   spo_xml.o
   sp_ip_tos_check.o snprintf.o checksum.o spp_tcp_stream2.o sp_reference.o
   sp_ip_fragbits.o spp_anomsensor.o tag.o spp_unidecode.o codes.o
   strlcpyu.o
   strlcatu.o debug.o sp_tcp_win_check.o spp_rpc_decode.o spp_bo.o
   spp_telnet_negotiation.o spo_csv.o sp_ip_same_check.o sp_priority.o
   sp_ip_proto.o ubi_BinTree.o ubi_SplayTree.o spo_unified.o spp_stream4.o
   spp_frag2.o spp_arpspoof.o spo_idmef.o spo_SnmpTrap.o spo_log_null.o
   -lz
   -lpcap -lm -lnsl  -lmysqlclient -lsnmp
   /usr/local/lib/libsnmp.a(keytools.o): In function `generate_Ku':
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:124: undefined reference to
   `EVP_md5'
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:126: undefined reference to
   `EVP_sha1'
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:126: undefined reference to
   `EVP_DigestInit'
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:141: undefined reference to
   `EVP_DigestUpdate'
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:153: undefined reference to
   `EVP_DigestFinal'
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_random':
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:150: undefined reference to
   `RAND_bytes'
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_generate_keyed_hash':
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:255: undefined reference to
   `EVP_md5'
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:258: undefined reference to
   `EVP_sha1'
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:258: undefined reference to
   `HMAC'
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_hash':
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:345: undefined reference to
   `EVP_md5'
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:348: undefined reference to
   `EVP_sha1'
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:348: undefined reference to
   `EVP_DigestInit'
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:353: undefined reference to
   `EVP_DigestUpdate'
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:354: undefined reference to
   `EVP_DigestFinal'
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_encrypt':
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:592: undefined reference to
   `des_key_sched'
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:596: undefined reference to
   `des_ncbc_encrypt'
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:600: undefined reference to
   `des_ncbc_encrypt'
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_decrypt':
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:715: undefined reference to
   `des_key_sched'
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:718: undefined reference to
   `des_cbc_encrypt'
   collect2: ld returned 1 exit status
   make: *** [snort] Error 1

   Any clues as to why it keeps failing?


   Mike Aylor
   maylor at ...1991...


   CONFIDENTIALITY NOTICE:

   ************************************************************************

   The information contained in this ELECTRONIC MAIL transmission
   is confidential.  It may also be privileged work product or proprietary
   information. This information is intended for the exclusive use of the
   addressee(s).  If you are not the intended recipient, you are hereby
   notified that any use, disclosure, dissemination, distribution [other
   than to the addressee(s)], copying or taking of any action because
   of this information is strictly prohibited.

   ************************************************************************

   ------_=_NextPart_001_01C1660C.311C1810
   Content-Type: text/html; charset="iso-8859-1"
   Content-Transfer-Encoding: quoted-printable

   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
   <HTML>
   <HEAD>
   <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html;
   charset=3Diso-8859-=
   1">
   <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version
   5.5.2653.12">
   <TITLE>Compiling snort-1.8.2 with snmp support</TITLE>
   </HEAD>
   <BODY>

   <P><FONT SIZE=3D2 FACE=3D"Arial">Hey all,</FONT>
   </P>

   <P><FONT SIZE=3D2 FACE=3D"Arial">Apologies if this question has already
   bee=
   n asked and answered...</FONT>
   </P>

   <P><FONT SIZE=3D2 FACE=3D"Arial">I'm trying to compile snort-1.8.2 on a
   RH7=
   .1 box.  I've compiled and installed ucd-snmp-4.2.2 from source,
   and s=
   ubsequently editted the /etc/ld.so.conf file to include the path
   /usr/local=
   /lib (and after saving, I run ldconfig).  When I begin the snort
   confi=
   g, I use the switches "./configure --with-mysql --with-snmp".
   &nbs=
   p; I know that the mysql portion works because if I just use the
   --with-mys=
   ql and not --with-snmp, it works fine.</FONT></P>

   <P><FONT SIZE=3D2 FACE=3D"Arial">It then runs through the config with no
   er=
   rors.  I then run make, and this is the output it gives me. 
   </FO=
   NT>
   </P>

   <P><FONT SIZE=3D2 FACE=3D"Arial">gcc -DHAVE_CONFIG_H -I. -I. -I.
   -I/usr/inc=
   lude/pcap  -I/usr/include/mysql -DENABLE_MYSQL -I/usr/local/include
   -D=
   ENABLE_SNMP  -g -O2 -Wall -c spo_log_null.c</FONT></P>

   <P><FONT SIZE=3D2 FACE=3D"Arial">gcc  -g -O2 -Wall -L/usr/lib/mysql
   -L=
   /usr/local/lib  -o snort  snort.o log.o decode.o mstring.o
   rules.=
   o plugbase.o sp_pattern_match.o sp_tcp_flag_check.o sp_icmp_type_check.o
   sp=
   _icmp_code_check.o sp_ttl_check.o sp_ip_id_check.o sp_tcp_ack_check.o
   sp_tc=
   p_seq_check.o sp_dsize_check.o spp_http_decode.o spp_portscan.o
   sp_ipoption=
   _check.o sp_rpc_check.o sp_icmp_id_check.o sp_icmp_seq_check.o
   sp_respond.o=
    spo_alert_syslog.o spo_log_tcpdump.o spo_database.o sp_session.o
   spp_defra=
   g.o parser.o spo_alert_fast.o spo_alert_full.o spo_alert_smb.o
   spo_alert_un=
   ixsock.o sp_react.o spo_xml.o sp_ip_tos_check.o snprintf.o checksum.o
   spp_t=
   cp_stream2.o sp_reference.o sp_ip_fragbits.o spp_anomsensor.o tag.o
   spp_uni=
   decode.o codes.o strlcpyu.o strlcatu.o debug.o sp_tcp_win_check.o
   spp_rpc_d=
   ecode.o spp_bo.o spp_telnet_negotiation.o spo_csv.o sp_ip_same_check.o
   sp_p=
   riority.o sp_ip_proto.o ubi_BinTree.o ubi_SplayTree.o spo_unified.o
   spp_str=
   eam4.o spp_frag2.o spp_arpspoof.o spo_idmef.o spo_SnmpTrap.o
   spo_log_null.o=
     -lz -lpcap -lm -lnsl  -lmysqlclient -lsnmp</FONT></P>

   <P><FONT SIZE=3D2 FACE=3D"Arial">/usr/local/lib/libsnmp.a(keytools.o):
   In f=
   unction `generate_Ku':</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/keytools=
   .c:124: undefined reference to `EVP_md5'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/keytools=
   .c:126: undefined reference to `EVP_sha1'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/keytools=
   .c:126: undefined reference to `EVP_DigestInit'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/keytools=
   .c:141: undefined reference to `EVP_DigestUpdate'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/keytools=
   .c:153: undefined reference to `EVP_DigestFinal'</FONT>
   <BR><FONT SIZE=3D2 FACE=3D"Arial">/usr/local/lib/libsnmp.a(scapi.o): In
   fun=
   ction `sc_random':</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   150: undefined reference to `RAND_bytes'</FONT>
   <BR><FONT SIZE=3D2 FACE=3D"Arial">/usr/local/lib/libsnmp.a(scapi.o): In
   fun=
   ction `sc_generate_keyed_hash':</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   255: undefined reference to `EVP_md5'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   258: undefined reference to `EVP_sha1'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   258: undefined reference to `HMAC'</FONT>
   <BR><FONT SIZE=3D2 FACE=3D"Arial">/usr/local/lib/libsnmp.a(scapi.o): In
   fun=
   ction `sc_hash':</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   345: undefined reference to `EVP_md5'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   348: undefined reference to `EVP_sha1'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   348: undefined reference to `EVP_DigestInit'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   353: undefined reference to `EVP_DigestUpdate'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   354: undefined reference to `EVP_DigestFinal'</FONT>
   <BR><FONT SIZE=3D2 FACE=3D"Arial">/usr/local/lib/libsnmp.a(scapi.o): In
   fun=
   ction `sc_encrypt':</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   592: undefined reference to `des_key_sched'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   596: undefined reference to `des_ncbc_encrypt'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   600: undefined reference to `des_ncbc_encrypt'</FONT>
   <BR><FONT SIZE=3D2 FACE=3D"Arial">/usr/local/lib/libsnmp.a(scapi.o): In
   fun=
   ction `sc_decrypt':</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   715: undefined reference to `des_key_sched'</FONT>
   <BR><FONT SIZE=3D2
   FACE=3D"Arial">/packages/ucd-snmp-4.2.2/snmplib/scapi.c:=
   718: undefined reference to `des_cbc_encrypt'</FONT>
   <BR><FONT SIZE=3D2 FACE=3D"Arial">collect2: ld returned 1 exit
   status</FONT>
   <BR><FONT SIZE=3D2 FACE=3D"Arial">make: *** [snort] Error 1</FONT>
   </P>

   <P><FONT SIZE=3D2 FACE=3D"Arial">Any clues as to why it keeps
   failing?</FON=
   T>
   </P>
   <BR>

   <P><FONT SIZE=3D2 FACE=3D"Arial">Mike Aylor</FONT>
   <BR><FONT SIZE=3D2 FACE=3D"Arial">maylor at ...1991...</FONT>
   </P>

   <CODE><FONT SIZE=3D3><BR>
   <BR>
   CONFIDENTIALITY NOTICE:<BR>
   <BR>
   ************************************************************************<BR>

   <BR>
   The information contained in this ELECTRONIC MAIL transmission<BR>
   is confidential.  It may also be privileged work product or
   proprietary<BR>
   information. This information is intended for the exclusive use of
   the<BR>
   addressee(s).  If you are not the intended recipient, you are hereby<BR>
   notified that any use, disclosure, dissemination, distribution
   [other<BR>
   than to the addressee(s)], copying or taking of any action because<BR>
   of this information is strictly prohibited.<BR>
   <BR>
   ************************************************************************<BR>

   </FONT></CODE></BODY>
   </HTML>
   ------_=_NextPart_001_01C1660C.311C1810--


   --__--__--

   Message: 2
   From: "Federico" <egopfe at ...125...>
   To: <snort-users at lists.sourceforge.net>
   Date: Mon, 5 Nov 2001 16:31:03 +0100
   Subject: [Snort-users] Rules bringed with 1.8.2

   The Default Rule-Files bringed with snort 1.8.2 give errors with
   classtype.... did someone noticed it ?


   --__--__--

   Message: 3
   From: "Alex Rodrigues" <alex at ...3156...>
   To: <snort-users at lists.sourceforge.net>
   Date: Mon, 5 Nov 2001 13:59:43 -0300
   Subject: [Snort-users] Acid X portscan

   What I have to configure to see all portscans traffic in my Acid?
   Thanks.
   Alex




   --__--__--

   Message: 4
   From: SkatFiend at ...661...
   Date: Mon, 5 Nov 2001 11:46:54 EST
   To: snort-users at lists.sourceforge.net
   Subject: [Snort-users] New 1.8.2 Win32 Install

   Is the snort binary in the new 1.8.2 Win32 install complied for MSSQL
   support?

   If not is there a static v1.8.2 available with MSSQL support?


   Thanks, Cliff Arms


   --__--__--

   Message: 5
   Date: Mon, 05 Nov 2001 09:12:41 -0800
   From: "Andrew R. Baker" <andrewb at ...950...>
   To: ntimm at ...1692...
   CC: snort-users at lists.sourceforge.net
   Subject: Re: [Snort-users] barnyard


   You probably need to be using a more recent version of Snort.  I think
   build 84 of Snort is the oldest build that is compatible with barnyard.
   Of course you could just upgrade to Snort 1.8.2.

   -Andrew


   > Neal Timm wrote:
   >
   > I am getting these errors when using barnyard
   > Unable to find SID (2, 3)
   > Unable to find SID (0, 1004957390)
   > and other similar Unable to fine SID
   > It also is not getting the ip address in the alert
   > [Priority: 0] {ICMP} 0.0.0.0 -> 1.0.0.0
   > First time barnyard user any help would be appreciated.
   > Am using snort 1.8.1 on redhat 7.1 with newest version of barnyard of
   > snort website.


   --__--__--

   Message: 6
   From: Richard Silver <richard.silver at ...4000...>
   To: snort-users at lists.sourceforge.net
   Date: 05 Nov 2001 11:30:38 -0600
   Subject: [Snort-users] 1.8.2 problem

   Just d/l'd and installed 1.8.2 from source. Same procedure I've used for
   1.8.0 & 1.8.1. Everything compiles happily, but no matter what I do, it
   gives me the following message in my /var/log/messages:

   snort: FATAL ERROR: database: The underlying database seems to be
   running an older version of the DB schema. Please re-run the appropriate
   DB creation script (e.g. create_mysql, create_postgresql, create_oracle)
   located in the contrib\ directory.

   I went ahead and re-created to see if that was really the problem - no
   dice, same message. Re-compiled, same problem. Snort will start just
   logging to the local logging facility, but not to MySQL. (And yes, it
   does find and compile for MySQL, no errors. Also yes, been thru the FAQ
   )

   Re-installed 1.8.1 from scratch, using DB I created from 1.8.2
   create_mysql script, works fine.

   Anyone else seeing this?

   Thanks,

   Richard


   Richard Silver
   Sr. Network Engineer
   East Alabama Medical Center



   --__--__--

   Message: 7
   To: "Federico" <egopfe at ...125...>
   Cc: <snort-users at lists.sourceforge.net>
   Subject: Re: [Snort-users] Rules bringed with 1.8.2
   From: Chris Green <cmg at ...671...>
   Reply-To: snort-users at lists.sourceforge.net
   Date: Mon, 05 Nov 2001 11:33:49 -0600

   "Federico" <egopfe at ...125...> writes:

   > The Default Rule-Files bringed with snort 1.8.2 give errors with
   > classtype.... did someone noticed it ?

   I haven't seen this error. What error do you get? Did you install the
   new classification.config

   --
   Chris Green <cmg at ...671...>
   Laugh and the world laughs with you, snore and you sleep alone.


   --__--__--

   Message: 8
   Subject: RE: [Snort-users] Compiling snort-1.8.2 with snmp support
   Date: Mon, 5 Nov 2001 11:38:08 -0600
   From: "Robert D. Hughes" <rob at ...1932...>
   To: "Michael Aylor" <maylor at ...1991...>,
            <snort-users at lists.sourceforge.net>

   This is a multi-part message in MIME format.

   ------_=_NextPart_001_01C16620.A1E90BE4
   Content-Type: multipart/alternative;
            boundary="----_=_NextPart_002_01C16620.A1E90BE4"


   ------_=_NextPart_002_01C16620.A1E90BE4
   Content-Type: text/plain;
            charset="iso-8859-1"
   Content-Transfer-Encoding: quoted-printable


   -----BEGIN PGP SIGNED MESSAGE-----
   Hash: SHA1

   When you compiled UCD, did you compile in SNMP V3 support? I believe its
   the default, but I'm not sure. At any rate, those messages are all
   related to V3 stuff.
   =20
   Rob

   - -----Original Message-----
   From: Michael Aylor [mailto:maylor at ...1991...]
   Sent: Monday, November 05, 2001 9:12 AM
   To: 'snort-users at lists.sourceforge.net'
   Subject: [Snort-users] Compiling snort-1.8.2 with snmp support



   Hey all,=20

   Apologies if this question has already been asked and answered...=20

   I'm trying to compile snort-1.8.2 on a RH7.1 box.  I've compiled and
   installed ucd-snmp-4.2.2 from source, and subsequently editted the
   /etc/ld.so.conf file to include the path /usr/local/lib (and after
   saving, I run ldconfig).  When I begin the snort config, I use the
   switches "./configure --with-mysql --with-snmp".  I know that the mysql
   portion works because if I just use the --with-mysql and not
   --with-snmp, it works fine.

   It then runs through the config with no errors.  I then run make, and
   this is the output it gives me. =20

   gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/pcap
   -I/usr/include/mysql -DENABLE_MYSQL -I/usr/local/include -DENABLE_SNMP
   -g -O2 -Wall -c spo_log_null.c

   gcc  -g -O2 -Wall -L/usr/lib/mysql -L/usr/local/lib  -o snort  snort.o
   log.o decode.o mstring.o rules.o plugbase.o sp_pattern_match.o
   sp_tcp_flag_check.o sp_icmp_type_check.o sp_icmp_code_check.o
   sp_ttl_check.o sp_ip_id_check.o sp_tcp_ack_check.o sp_tcp_seq_check.o
   sp_dsize_check.o spp_http_decode.o spp_portscan.o sp_ipoption_check.o
   sp_rpc_check.o sp_icmp_id_check.o sp_icmp_seq_check.o sp_respond.o
   spo_alert_syslog.o spo_log_tcpdump.o spo_database.o sp_session.o
   spp_defrag.o parser.o spo_alert_fast.o spo_alert_full.o spo_alert_smb.o
   spo_alert_unixsock.o sp_react.o spo_xml.o sp_ip_tos_check.o snprintf.o
   checksum.o spp_tcp_stream2.o sp_reference.o sp_ip_fragbits.o
   spp_anomsensor.o tag.o spp_unidecode.o codes.o strlcpyu.o strlcatu.o
   debug.o sp_tcp_win_check.o spp_rpc_decode.o spp_bo.o
   spp_telnet_negotiation.o spo_csv.o sp_ip_same_check.o sp_priority.o
   sp_ip_proto.o ubi_BinTree.o ubi_SplayTree.o spo_unified.o spp_stream4.o
   spp_frag2.o spp_arpspoof.o spo_idmef.o spo_SnmpTrap.o spo_log_null.o
   -lz -lpcap -lm -lnsl  -lmysqlclient -lsnmp

   /usr/local/lib/libsnmp.a(keytools.o): In function `generate_Ku':=20
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:124: undefined reference to
   `EVP_md5'=20
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:126: undefined reference to
   `EVP_sha1'=20
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:126: undefined reference to
   `EVP_DigestInit'=20
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:141: undefined reference to
   `EVP_DigestUpdate'=20
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:153: undefined reference to
   `EVP_DigestFinal'=20
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_random':=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:150: undefined reference to
   `RAND_bytes'=20
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_generate_keyed_hash':

   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:255: undefined reference to
   `EVP_md5'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:258: undefined reference to
   `EVP_sha1'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:258: undefined reference to
   `HMAC'=20
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_hash':=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:345: undefined reference to
   `EVP_md5'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:348: undefined reference to
   `EVP_sha1'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:348: undefined reference to
   `EVP_DigestInit'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:353: undefined reference to
   `EVP_DigestUpdate'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:354: undefined reference to
   `EVP_DigestFinal'=20
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_encrypt':=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:592: undefined reference to
   `des_key_sched'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:596: undefined reference to
   `des_ncbc_encrypt'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:600: undefined reference to
   `des_ncbc_encrypt'=20
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_decrypt':=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:715: undefined reference to
   `des_key_sched'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:718: undefined reference to
   `des_cbc_encrypt'=20
   collect2: ld returned 1 exit status=20
   make: *** [snort] Error 1=20

   Any clues as to why it keeps failing?=20


   Mike Aylor=20
   maylor at ...1991...=20



   CONFIDENTIALITY NOTICE:

   ************************************************************************

   The information contained in this ELECTRONIC MAIL transmission
   is confidential. It may also be privileged work product or proprietary
   information. This information is intended for the exclusive use of the
   addressee(s). If you are not the intended recipient, you are hereby
   notified that any use, disclosure, dissemination, distribution [other
   than to the addressee(s)], copying or taking of any action because
   of this information is strictly prohibited.

   ************************************************************************



   -----BEGIN PGP SIGNATURE-----
   Version: PGP 7.0.4

   iQA/AwUBO+bOgOa2P6TrxG1EEQJnvgCgmLlYZ1X7NufaqBSkvIalN8l3vwUAniEy
   AIcGjf/R2PYE86ZxDEbbBZqx
   =3DZZVJ
   -----END PGP SIGNATURE-----


   ------_=_NextPart_002_01C16620.A1E90BE4
   Content-Type: text/html;
            charset="iso-8859-1"
   Content-Transfer-Encoding: quoted-printable

   <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
   charset=3Diso-8859-1">
   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <HTML><HEAD>

   <TITLE>Compiling snort-1.8.2 with snmp support</TITLE>

   <META content=3D"MSHTML 5.50.4807.2300" name=3DGENERATOR></HEAD>
   <BODY><PRE>
   -----BEGIN PGP SIGNED MESSAGE-----
   Hash: SHA1

   When you compiled UCD, did you compile in SNMP V3 support? I believe its
   =
   the default, but I'm not sure. At any rate, those messages are all =
   related to V3 stuff.
   =20
   Rob

   - -----Original Message-----
   From: Michael Aylor [mailto:maylor at ...1991...]
   Sent: Monday, November 05, 2001 9:12 AM
   To: 'snort-users at lists.sourceforge.net'
   Subject: [Snort-users] Compiling snort-1.8.2 with snmp support



   Hey all,=20

   Apologies if this question has already been asked and answered...=20

   I'm trying to compile snort-1.8.2 on a RH7.1 box.  I've compiled and =
   installed ucd-snmp-4.2.2 from source, and subsequently editted the =
   /etc/ld.so.conf file to include the path /usr/local/lib (and after =
   saving, I run ldconfig).  When I begin the snort config, I use the =
   switches "./configure --with-mysql --with-snmp".  I know that the mysql
   =
   portion works because if I just use the --with-mysql and not =
   --with-snmp, it works fine.

   It then runs through the config with no errors.  I then run make, and =
   this is the output it gives me. =20

   gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/pcap  =
   -I/usr/include/mysql -DENABLE_MYSQL -I/usr/local/include -DENABLE_SNMP
   =
   -g -O2 -Wall -c spo_log_null.c

   gcc  -g -O2 -Wall -L/usr/lib/mysql -L/usr/local/lib  -o snort  snort.o =
   log.o decode.o mstring.o rules.o plugbase.o sp_pattern_match.o =
   sp_tcp_flag_check.o sp_icmp_type_check.o sp_icmp_code_check.o =
   sp_ttl_check.o sp_ip_id_check.o sp_tcp_ack_check.o sp_tcp_seq_check.o =
   sp_dsize_check.o spp_http_decode.o spp_portscan.o sp_ipoption_check.o =
   sp_rpc_check.o sp_icmp_id_check.o sp_icmp_seq_check.o sp_respond.o =
   spo_alert_syslog.o spo_log_tcpdump.o spo_database.o sp_session.o =
   spp_defrag.o parser.o spo_alert_fast.o spo_alert_full.o spo_alert_smb.o
   =
   spo_alert_unixsock.o sp_react.o spo_xml.o sp_ip_tos_check.o snprintf.o =
   checksum.o spp_tcp_stream2.o sp_reference.o sp_ip_fragbits.o =
   spp_anomsensor.o tag.o spp_unidecode.o codes.o strlcpyu.o strlcatu.o =
   debug.o sp_tcp_win_check.o spp_rpc_decode.o spp_bo.o =
   spp_telnet_negotiation.o spo_csv.o sp_ip_same_check.o sp_priority.o =
   sp_ip_proto.o ubi_BinTree.o ubi_SplayTree.o spo_unified.o spp_stream4.o
   =
   spp_frag2.o spp_arpspoof.o spo_idmef.o spo_SnmpTrap.o spo_log_null.o  =
   -lz -lpcap -lm -lnsl  -lmysqlclient -lsnmp

   /usr/local/lib/libsnmp.a(keytools.o): In function `generate_Ku':=20
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:124: undefined reference to
   =
   `EVP_md5'=20
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:126: undefined reference to
   =
   `EVP_sha1'=20
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:126: undefined reference to
   =
   `EVP_DigestInit'=20
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:141: undefined reference to
   =
   `EVP_DigestUpdate'=20
   /packages/ucd-snmp-4.2.2/snmplib/keytools.c:153: undefined reference to
   =
   `EVP_DigestFinal'=20
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_random':=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:150: undefined reference to =
   `RAND_bytes'=20
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_generate_keyed_hash':
   =

   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:255: undefined reference to =
   `EVP_md5'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:258: undefined reference to =
   `EVP_sha1'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:258: undefined reference to =
   `HMAC'=20
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_hash':=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:345: undefined reference to =
   `EVP_md5'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:348: undefined reference to =
   `EVP_sha1'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:348: undefined reference to =
   `EVP_DigestInit'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:353: undefined reference to =
   `EVP_DigestUpdate'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:354: undefined reference to =
   `EVP_DigestFinal'=20
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_encrypt':=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:592: undefined reference to =
   `des_key_sched'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:596: undefined reference to =
   `des_ncbc_encrypt'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:600: undefined reference to =
   `des_ncbc_encrypt'=20
   /usr/local/lib/libsnmp.a(scapi.o): In function `sc_decrypt':=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:715: undefined reference to =
   `des_key_sched'=20
   /packages/ucd-snmp-4.2.2/snmplib/scapi.c:718: undefined reference to =
   `des_cbc_encrypt'=20
   collect2: ld returned 1 exit status=20
   make: *** [snort] Error 1=20

   Any clues as to why it keeps failing?=20


   Mike Aylor=20
   maylor at ...1991...=20



   CONFIDENTIALITY NOTICE:

   ************************************************************************

   The information contained in this ELECTRONIC MAIL transmission
   is confidential. It may also be privileged work product or proprietary
   information. This information is intended for the exclusive use of the
   addressee(s). If you are not the intended recipient, you are hereby
   notified that any use, disclosure, dissemination, distribution [other
   than to the addressee(s)], copying or taking of any action because
   of this information is strictly prohibited.

   ************************************************************************



   -----BEGIN PGP SIGNATURE-----
   Version: PGP 7.0.4

   iQA/AwUBO+bOgOa2P6TrxG1EEQJnvgCgmLlYZ1X7NufaqBSkvIalN8l3vwUAniEy
   AIcGjf/R2PYE86ZxDEbbBZqx
   =3DZZVJ
   -----END PGP SIGNATURE-----

   </PRE></BODY></HTML>
   ------_=_NextPart_002_01C16620.A1E90BE4--

   ------_=_NextPart_001_01C16620.A1E90BE4
   Content-Type: application/octet-stream;
            name="PGPexch.htm.asc"
   Content-Transfer-Encoding: base64
   Content-Description: PGPexch.htm.asc
   Content-Disposition: attachment;
            filename="PGPexch.htm.asc"

   LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tDQpWZXJzaW9uOiBQR1AgNy4wLjQNCg0Kb3dITldV

   dHZHOGtSZGhMc3hZQU9lMHNPQVhvVllQMkFPRU5Tb21YTGxMd1VTYThJVTVRc1VUWU13NkNiTXox

   aw0KTDJlNlo3dDdKTkdISU5kY0FnUzVKUUdTQUxrbVFDNzVCVDRHK1FXNUJWa2dDSExmUTRDa3F1

   Y2hVclpYTkNDdA0KUTVnV3B4OWZ2YjZxNmFuNTZiVUgzL3ZvTy9lLyt1dFB2dnJ6ZzkvLzYzWFUr

   dmk3Zi92VHRkLys3ai8vK01zSg0KZmYzb3g3LzU3OUxHOTM5OXEvMzY0Nit2L2VxajlhLy9QZnI3

   SCsvK29QbXpuLytpdTNQMHkxZWYvUE1QUHh5Yg0KYS9pcGY5TGFhL2FmN2JmSlRuKzNTL2FQdHJ1

   ZEpsa3V1ZTdUMWFicnR2cXRkR0xOS1pPK29rSnp3Nldnb2V1Mg0KZTh0YlM5ZnJPTHRWMzJrM1du

   aTEyKzQzWUVOL3Y5UitmTlI1c3JuY2xNSXdZVXI5YWN5V1NYT3YxMi8zK3B2TA0KaHAwYWQyeWk4

   RDd4eGxScFpqYWZjdUhMRTEycVZHdFZpOXp2OUx2dHJhYU1ZaDV5TVNKYVNHVktGZWV1VXlVbg0K

   M0l4aElJcUpUdUlZeHV0dXVuenBlcTZGbDByZVhONDl0QmJVbkZyWldidGJYbmVxcStYeU1oRTBZ

   cHVmdDN2dA0KZzBaLzcyQ3I3dVkyYk8rMW51SGZWdWZKVnYxd3Y5RWpYa2kxM2x5OWM2Kzh2cnBl

   V1MrVmE1Vkt0Vnl1Yk5VZg0KZ2tFa29CN2JiQ2hPUXhBYVNyWDVveko4Z29Cby9vcHRWcmVlanBr

   Z1M5ZW5Nb0Y1dEliNTVLalpXaUUrOThuTQ0KS09HQ0hQWjI5OG1UMWR5c0I2UkRoaXprN0JobWpT

   Wm16SWpQQXBxRVpnVWdoNGtoblJzUkVkTEFEc1VjMGpDRQ0KaWlsUjFMQVZXQzAxSXhIVG1vNllK

   bFF4UXNPUUtCYkN0RStNUkVsTDE3Vkpnc0NwdTJnTStBRk5oajlvL3FWNA0KQVFTa2ZwaVg4S2tZ

   NnZqK1ZjZzVrTU4zR0xQZDNXcytlbnkwMTBlaUVJSkNNM0Y3aVFtbG5PeW12dHBoMUdjSw0KNHFN

   MlE2UEFhWHdrTmtNV21Ga2QrblFzSTBvUUtCTmN3cytlNGlNT0dVSXlMRHRZM3dhR2JXODlWRExh

   cUx2Yg0KVzJTWEErOVpTQnBUTU1GaVBJOG9ENDNjaUNnT2ZhWlBobFJNektrRDVIaVJiVDhFUG1m

   YnBmRHBkSVgwNURHTA0KaHFCcXViWkMwRW5rM2thbGF2RWF1OW11dmt6MzNFZ1RLTkZNNmM5Q3Jv

   MTJ0RXlVeHdLcFJzd1J6TnpJNVNURA0KTDVpWGliSzZIWjV0ZlVFV1RVa0xkbkFXOWpRSTRQYjlO

   ME9aZVhDSFRaR2lLOWtlVW5mM0w5clNpSUVGSXc3OA0KNWdFd25tdnlaY0kwVmlreXBrRDZVRUV3

   cDVCRmtJUlVUNEQzQ0VpRkQxOTl3aFR6SGNkNUQzbVliMFpOMFh4SQ0Kb0R4MVp6MEJraWs1MkZs

   M0tsYlVVSjQ2S2RraFZ5R1BpeHFBT25DaERSZ01WNG5ubDlCOXBUV25DaUFCVUlXaw0KOFZteEt5

   M1BrcUZtWUo0dzRaUXdueHVieGxBVFhHWThOL1Fob01BWEVaQUFkUUwxdVBEQ3hHZDJUVXdoUUlq

   aQ0KSmxxNW9mU2dpb2Q4U0c1YVh3UUdXS1RwTWRpMUFrVkhKWUtFUG1MeDBhMWNmVnZJc0NBQndT

   MmsxUWt0SitsSw0KM0Fra3NYTWFDT0dOSVN6TGpwdk9Rb0VpcFJMeXBCUk45WmRoZm9GV0wrY3lF

   TEpESmtLZUFBbzFGaXBkalp6Qw0KcUo1SU5kR2doRWRSRkFTOVE3NUl0Q2tFejRuSVBZY1Zja2Jj

   Q2xUVERDamdncDBWdjR2RGIxVVM2Q0FzeDBvbQ0KbzdFVm05cVlwb0dRVmloVFNpcGRCTC9ZU0NJ

   NnlhSnFDY3ZUd2k0VEUwTkJCODFHL0JnY0Y3RlpweXl1NHNqeg0KU0ttMTAzalNIc0FOOTJIbjg4

   RU9LWFdjNG92YlN4M0xnb3dmYnV6Uk9KTjFiaWFMVkt2ZGEyeDMyNFBkWjRlUA0KdTdNSUtZOXlu

   aFhyOEQ2V0E0NUlhYTlLU2sveDNsUHlVdExFY2dCWk94QkpHRHJlZTVuMlZ0UnVxZ3NmWnZwYQ0K

   QmJ2elJNODN5cFN5MmFYOTdVZ0Myc0QvUHZPa3orQkhwSTJDVklCZktnbVpkdEtBeG1FeUdsS05D

   M1E4Z0lTQw0KcEJHRGlBTFIweUhqeFlNZ3BLTUJNTiticEdQY2kyQUN6ai9GWU9xQmRBTGx6YTQy

   SnB6YkRQLzh1WG1RUUwzSg0KZVN3Y2h0SXd1OUpIbjgwTXhJT3hNVENjbTRnam1GUGFvMkpHcVZq

   R21HYXpTQ3IyM2pCb1hpczdOQ3MvUTFNTQ0KSWkxOHUwZ09hTWlVR2VpcFRwMmRrd0IwOTVNb3pr

   WjhhdWlaanpYY1JFR2JBaEgxRHhURjdUR2VHOVVjZEVDMQ0KbVI5QWZzMEpqNFlGVmo2V0NINnFa

   V0VzbzE0T2NocUZSUmlNMUdjV2l4allZWUlNeWc3ckpNcWNhbU5oQUNlcQ0KNXBBQjNHZUV4d293

   TkdFSUI3cHNCeFV5MGt4b3FUSkVRMGZaRkNoWFJBei8yQzFHaFY0OFRmS2YxQ1NXdThOaw0KZEVh

   U0V5N09SU01ONUZ6OGh6TFhtWVZ3QUJnSU5wS0dVNU82SEYzZzZlTlpjZ3cwSEp0bkl3K09rSXFi

   YVdGYQ0KcktSQjFHVElCOXRjOUJWajJkVmhITkpwZHAxSEFNd0xPUE16TFZLdnJXVlg2S1JxN2lF

   VnczSVpaRnB4UDJMQg0KRE13aDFIUjRQTWs1VkpRV21TZDkrQXErV09YZ1R3UmZvY05peXBZTUR3

   N1p3cVNGSThSYnhPSkZhYjdNNEJmMw0KTy9UbWhFMk5sQ0dFN05ZRzZRZ1NKTUt6dHpBRWZEbGln

   dUU1ZmZBb3ViRlJIRUR3d0hSZXpzd1IwNDBoK2ZFMA0KNzg2ZkYxejhpZElMbVI0Y0JOYzJTQ0ln

   WWVBVzU1T0NoWGd3c0JxMG4rd1BJcjkyNDJxRTM3bFl1QjdUeW9lVA0KM3VJQVpqcUNtNnZSWWEy

   eXFBNUhNVlE5ZGpWYTFGWVgxZUloUHJZc3JzUzdXQS8zazVpL1FmbVgyaHNvT1BISQ0KNkl6c05x

   L2VKbVpSTzFOUmFHUjV3Nks5dzlDWEI0MWVhekNjR3FhdnlqN3JTN0N4eUdxSUFmTUg4QWd5dnNU

   cw0KemcydTFtcmZjbXFmU2I3N2JlZjF3cUozZGh2TmJ4YTdlR3p0YzhnNS9sNVJNRmZYUGxRd1Y5

   YytXREFYRW4wVg0KRmJwUVlQSENlTm5sK1V5RnRmK2IyZ3h5MVRRMlYxQ2NhL2VxMzF5YzRWQ0wx

   WEtnNFZqcFg3NlhhL2N1T0F1Zw0KZk9FTnozeHc2U3JjS1pldlNvWDNqelE4QUZ4UnBOY3J0UThh

   NmZYSzNZdmR2TENYTSttZURFUG1HZUJ3aUpBbQ0KVVlpZHR2YllLVGZ3Q0FiUFgzb1JLR3o3YkpE

   YnQyK1Q1N2J0OElLMHNVTmtvU3J2MC9JVVUrS0ZDYmIwTmRwMg0KTXA1aTEyakNXS3hodWUzTlBw

   aUxMbUNpWWhmZzd2SUpTenZTaTRibUxjM3FXVHZxemIxV093TW9kcTF1NVoxaA0KMjUxcXRYdjlU

   cVBiNlQrelMzcDcvVTZ6dlpFdnVYMUpueHl2bjNVdHVRaWtpdXlEcm4xVFJDMWpiRnVUYTlMdQ0K

   dHB2OWc3MWVwMGwyRzUwdU1mam1LK0syRllFb3NNUzIrM3g0WkFTUHBDMjFqaUhnRGtKRExjbVFF

   WGd3UHVZaA0KR3dFc05ocmhXdnFKWndqRUczN0NMRE5VVFMzYW1TNE82YVA4OHhwaWp4RGZadmtB

   QnFPMlc4aE9nUUthSHpQYg0KK0pUWSsyYUlSbjFmTWEwWnU2bHZPYVFUMkRkTXR1V3RtRzJENHVZ

   Q1RUR1B4L2prdTJMWDRab3hKTTNRS2dhcg0KN2RONTJvbkY5MG9nYXNXQytWeDdvY1IzVHZnYUM4

   UkZjSU5DWGUybFVYeVlXTTJmU3hDbkVBd3dCSklWeGMvcQ0KK0NJRjlHUnNlK3BvSFozWVg0RVZT

   ZFBLbGZWN0VVbG1mZjV6SGtLcEhqYkdiYWRPeVRFZmNzTjg1MHFvNU02OA0KU2lvNkJTbmJYZnND

   c2U3YU42TkwxLzhIDQo9N3F6Qg0KLS0tLS1FTkQgUEdQIE1FU1NBR0UtLS0tLQ0K

   ------_=_NextPart_001_01C16620.A1E90BE4--



   --__--__--

   _______________________________________________
   Snort-users mailing list
   Snort-users at lists.sourceforge.net
   https://lists.sourceforge.net/lists/listinfo/snort-users


   End of Snort-users Digest









More information about the Snort-users mailing list