[Snort-users] snort idmef plugin

yuedong wu ywu666 at ...131...
Wed Nov 26 15:39:05 EST 2003


I used the following steps to install idmef and

1. install libxml2 2.6.2
2. install libidmef 0.7.2
3. tar -zxvf snort-idmef-plugin-1.2.1alpha2.0.5.tar.gz
4. tar -zxvf snort-2.0.4
5. cd snort-2.0.4
6. apply the following patches.
   + configure.in.diff - apply to top level configure.in file in snort.
   + src_plugbase.c.diff - apply to snort's ./src/plugbase.c file.
   + src_plugin_enum.h.diff - apply to snort's ./src/plugin_enum.h file.
   + src_output-plugins_Makefile.am.diff - apply to
7. Copy spo_idmef.c and spo_idmef.h from snort-idmef directory to snort's ./src/output-plugins directory.
8. mkdir /etc/snort
9. mkdir /var/log/snort
10. Run autoconf at snort's root directory
11. At snort's root directory run ./configure --enable-idmef --with-mysql=/usr/local/mysql
12. make
13. make install
14. cd rules
15. cp * /etc/snort
16. add "idmef:default" for each rule in each rule
17. cd ../etc
18. cp snort.conf /etc/snort
19. cp *.config /etc/snort
20. modify snort.conf to set RULE_PATH to /etc/snort
21. snort -?

error msg:
snort: error while loading shared libraries: libidmef.so.0: cannot open shared object file: No such file or directory

Do you think I still need to set up library loading for
/usr/local/lib in /etc/ld.so.conf?



--- Matt Kettler <mkettler at ...4108...> wrote:
> At 04:04 PM 11/25/2003, yuedong wu wrote:
> >I have tried your latest version. The installation
> >process looks fine. However when I ran the snort, it
> >reports error information: error load libidmef.so.0,
> >cannot find file or directory. But the file
> >libidmef.so.0 is in /usr/local/lib dir, which is the
> >default lib dir.
> >
> >Can you help me out? Thanks,
>
> Is your /etc/ld.so.conf set up to load libraries in
> /usr/local/lib?
> Most systems will not honor /usr/local/lib by default.


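Both messages turn on whether /usr/local/lib is in the loader configuration. The script below is an added example, not code from either poster or from Snort: it lists the directories an ld.so.conf-style file configures, following `include` lines, and checks for a given directory. The function names and the sample files are constructed for illustration, and it assumes one directory per line.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes glibc-style ld.so.conf syntax:
# one directory per line, '#' comments, and "include <glob>" lines.

# ldconf_dirs FILE: print every directory FILE configures, following includes.
ldconf_dirs() {
    conf=$1
    [ -r "$conf" ] || return 0
    base=$(dirname "$conf")
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                   # drop comments
        # collapse runs of whitespace to one space, then trim both ends
        line=$(printf '%s\n' "$line" |
               sed 's/[[:space:]][[:space:]]*/ /g; s/^ //; s/ $//')
        case $line in
            '') ;;
            "include "*)
                pat=${line#include }
                case $pat in /*) ;; *) pat=$base/$pat ;; esac  # relative to FILE
                for f in $pat; do                          # unquoted: expand the glob
                    # subshell keeps this call's variables intact across recursion
                    if [ -f "$f" ]; then ( ldconf_dirs "$f" ); fi
                done ;;
            *) printf '%s\n' "${line%/}" ;;
        esac
    done < "$conf"
    return 0
}

# lib_dir_configured DIR FILE: succeed if DIR is on FILE's configured search path.
lib_dir_configured() {
    ldconf_dirs "$2" | grep -Fxq -- "${1%/}"
}

# Constructed sample mirroring the thread: the library sits in /usr/local/lib,
# but the configuration only lists another directory.
demo_root=$(mktemp -d)
mkdir "$demo_root/ld.so.conf.d"
printf 'include ld.so.conf.d/*.conf\n' > "$demo_root/ld.so.conf"
printf '# constructed\n/usr/lib/mysql\n' > "$demo_root/ld.so.conf.d/mysql.conf"

if lib_dir_configured /usr/local/lib "$demo_root/ld.so.conf"; then
    echo "/usr/local/lib is configured; run ldconfig to refresh the cache"
else
    echo "/usr/local/lib is not configured; add it and run ldconfig"
fi
rm -rf "$demo_root"
```

On a real system, pass /etc/ld.so.conf as the file; after adding a directory, ldconfig has to be run as root to rebuild the cache.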