[Snort-users] snort idmef plugin

yuedong wu ywu666 at ...131...
Wed Nov 26 15:39:05 EST 2003


Matt,

I used the following steps to install idmef and
snort2.0.4:

1. install libxml2 2.6.2
2. install libidmef 0.7.2
3. tar -zxvf snort-idmef-plugin-1.2.1alpha2.0.5.tar.gz
4. tar -zxvf snort-2.0.4
5. cd snort-2.0.4
6. apply the following patches.
   + configure.in.diff - apply to top level configure.in file in snort.
   + src_plugbase.c.diff - apply to snort's ./src/plugbase.c file.
   + src_plugin_enum.h.diff - apply to snort's ./src/plugin_enum.h file.
   + src_output-plugins_Makefile.am.diff - apply to snort's ./src/output-plugins/Makefile.am
7. Copy spo_idmef.c and spo_idmef.h from snort-idmef directory to snort's ./src/output-plugins directory.
8. mkdir /etc/snort
9. mkdir /var/log/snort
10. Run autoconf at snort's root directory
11. At snort's root directory run ./configure --enable-idmef --with-mysql=/usr/local/mysql
    --with-libxml2-includes=/usr/local/include/libxml2 --with-libxml2-libraries=/usr/local/lib
    --with-libidmef-includes=/usr/local/include --with-libidmef-libraries=/usr/local/lib
12. make
13. make install
14. cd rules
15. cp * /etc/snort
16. add "idmef:default" for each rule in each rule file
17. cd ../etc
18. cp snort.conf /etc/snort
19. cp *.config /etc/snort
20. modify snort.conf to set RULE_PATH to /etc/snort
21. snort -?

error msg:
snort: error while loading shared libraries: libidmef.so.0: cannot open shared object file: No such file or directory

Do you think I still need to set up /etc/ld.so.conf to load
libraries from /usr/local/lib?

Thanks,

Yuedong 

--- Matt Kettler <mkettler at ...4108...> wrote:
> At 04:04 PM 11/25/2003, yuedong wu wrote:
> >I have tried your latest version. The installation
> >process looks fine. However when I ran the snort, it
> >reports error information: error load libidmef.so.0,
> >cannot find file or directory. But the file
> >libidmef.so.0 is in /usr/local/lib dir, which is the
> >default lib dir.
> >
> >Can you help me out? Thanks,
> 
> is your /etc/ld.so.conf set up to load libraries in
> /usr/local/lib?
> 
> Most systems will not honor /usr/local/lib by
> default.
> 
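
The check asked about in the quoted reply, as an added example that is not part of the original thread: shell functions that read an ld.so.conf-style file, follow its include lines, and report whether the directory holding libidmef.so.0 is configured. The function names and the config tree (built in a temporary directory) are constructed for this example, and it assumes one directory per line with no spaces in paths.

```shell
#!/bin/sh
# Added example, not from the thread. Sample paths are constructed.

# ldconf_dirs FILE: print each library directory configured in FILE,
# following "include" lines. Assumes one directory per line, no spaces.
ldconf_dirs() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1" |
    while IFS= read -r line; do
        case $line in
            "include "*)
                pat=${line#include }
                # Relative patterns resolve against FILE's directory.
                case $pat in /*) ;; *) pat=$(dirname "$1")/$pat ;; esac
                for f in $pat; do            # unquoted so the glob expands
                    if [ -f "$f" ]; then ( ldconf_dirs "$f" ); fi
                done ;;
            *)  printf '%s\n' "${line%/}" ;;
        esac
    done
}

# ldconf_has_dir FILE DIR: succeed if DIR is configured in FILE.
ldconf_has_dir() {
    ldconf_dirs "$1" | grep -Fx -- "${2%/}" >/dev/null
}

# diagnose CONF LIBFILE: report whether LIBFILE's directory is searched.
diagnose() {
    dir=$(dirname "$2")
    if ldconf_has_dir "$1" "$dir"; then
        echo "ok: $dir is configured in $1; run ldconfig to refresh the cache"
    else
        echo "missing: add $dir to $1, then run ldconfig as root"
    fi
}

# Constructed config tree standing in for /etc (not a real system file).
demo() {
    t=$(mktemp -d)
    mkdir "$t/ld.so.conf.d"
    printf 'include ld.so.conf.d/*.conf\n/usr/lib  # system\n' > "$t/ld.so.conf"
    printf '/opt/example/lib/\n' > "$t/ld.so.conf.d/example.conf"
    diagnose "$t/ld.so.conf" /usr/local/lib/libidmef.so.0   # missing
    printf '/usr/local/lib\n' > "$t/ld.so.conf.d/local.conf"
    diagnose "$t/ld.so.conf" /usr/local/lib/libidmef.so.0   # ok
    rm -rf "$t"
}
demo
```

On a real system, point diagnose at /etc/ld.so.conf; once the directory is listed, running ldconfig as root rebuilds the cache the loader consults for libidmef.so.0.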

