[Snort-users] How to enable XML Logging in Snort 2.3.2

Jitendra Gupta jitendrakrgupta_snort at ...5176...
Tue Apr 5 00:43:56 EDT 2005


Dear Sir,
         Thanks a lot again for taking interest in my
problem. Here's my output of ./configure --help:

snort-2.3.2]# ./configure --help|more

`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc.  You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR           user executables [EPREFIX/bin]
  --sbindir=DIR          system admin executables [EPREFIX/sbin]
  --libexecdir=DIR       program executables [EPREFIX/libexec]
  --datadir=DIR          read-only architecture-independent data [PREFIX/share]
  --sysconfdir=DIR       read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR   modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR    modifiable single-machine data [PREFIX/var]
  --libdir=DIR           object code libraries [EPREFIX/lib]
  --includedir=DIR       C header files [PREFIX/include]
  --oldincludedir=DIR    C header files for non-gcc [/usr/include]
  --infodir=DIR          info documentation [PREFIX/info]
  --mandir=DIR           man documentation [PREFIX/man]

Program names:
  --program-prefix=PREFIX            prepend PREFIX to installed program names
  --program-suffix=SUFFIX            append SUFFIX to installed program names
  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]

Optional Features:
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-64bit-gcc    Try to compile 64bit (only tested on Sparc Solaris 9).
  --disable-dependency-tracking Speeds up one-time builds
  --enable-dependency-tracking  Do not reject slow dependency extractors
  --enable-debug          enable debugging options (bugreports and developers only)
  --enable-profile        enable profiling options (developers only)
  --enable-sourcefire      Enable Sourcefire specific build options
  --enable-perfmonitor     Enable perfmonitor preprocessor
  --enable-linux-smp-stats Enable statistics reporting through proc
  --enable-inline         Use the libipq interface for inline snort
  --enable-ipfw            Enable ipfw Divert mode for use with inline
  --enable-flexresp       Flexible Responses on hostile connection attempts

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-libpcap-includes=DIR  libpcap include directory
  --with-libpcap-libraries=DIR  libpcap library directory
  --with-libpcre-includes=DIR  libpcre include directory
  --with-libpcre-libraries=DIR  libpcre library directory
  --with-libnet-includes=DIR   libnet include directory
  --with-libnet-libraries=DIR  libnet library directory
  --with-mysql=DIR        support for mysql
  --with-odbc=DIR         support for odbc
  --with-postgresql=DIR   support for postgresql
  --with-oracle=DIR       support for oracle

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  CPPFLAGS    C/C++ preprocessor flags, e.g. -I<include dir> if you have
              headers in a nonstandard directory <include dir>
  CPP         C preprocessor

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.



 --- Joshua Berry <jberry at ...11848...> wrote: 
> What is the output of ./configure --help?
> 
> -----Original Message-----
> From: Jitendra Gupta
> [mailto:jitendrakrgupta_snort at ...5176...] 
> Sent: Monday, April 04, 2005 9:23 AM
> To: Joshua Berry; snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] How to enable XML Logging
> in Snort 2.3.2
> 
> Thanks a lot Sir for helping me out but sorry to say
> that it didn't work.
> When I visited
>  http://aircert.sourceforge.net/libairutil/
>              and
>  http://aircert.sourceforge.net/libih/
>
> They said:
>
> libairutil has been merged into libair
>              and
> libih has been merged into libair
>
> and so I installed only libair. Then, following your
> instructions, I did the following steps in order:
>
> 1.      snort-2.3.2]# aclocal-1.7
> 2.      snort-2.3.2]# autoheader-2.5x
> 3.      snort-2.3.2]# automake-1.7 --add-missing
> 4.      snort-2.3.2]# autoconf-2.5x
> 5.      snort-2.3.2]# ./configure --with-libair=/usr/local/lib/ --with-mysql
> Still ./configure --help did not have any
>  parameter for --with-libair
> 6.      snort-2.3.2]# make
> 7.      snort-2.3.2]# make install
> Then after editing snort.conf by adding
>   output xml: log,file=/var/log/snort/output.xml
>  above the output database line (I am using MySQL)
> and running the command
>          snort -c snort.conf
>  I again got the same error
>  ERROR:unknown output plugin:'xml'Fatal Error,
>  Quitting..
> Please help,
> Jitendra
> 
> 
> 
> --- Joshua Berry <jberry at ...11848...> wrote:
> > After patching snort, you should probably run:
> > aclocal
> > autoheader
> > automake --add-missing
> > autoconf
> > 
> > Then run ./configure --with-libih --with-libairtutil
> > 
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net
> > [mailto:snort-users-admin at lists.sourceforge.net] On
> > Behalf Of Jitendra Gupta
> > Sent: Saturday, April 02, 2005 4:26 AM
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] How to enable XML Logging in
> > Snort 2.3.2
> > 
> > Hello List,
> >            I am a newbie to Snort. I have installed
> > Snort 2.3.2 on Mandrake 9.2 and want to enable XML
> > logging in it. I have gone through
> >
> >        http://www.cert.org/kb/snortxml/
> >
> > but still cannot achieve it. I installed
> > libairutil 0.2.24 and libair 0.4.30.
> > Then I rebuilt Snort using
> >  /configure --with-libih --with-libairtutil.
> > But when I did ./configure --help I did not find any
> > parameter for --with-libih and --with-libairutil. Still
> > I continued to do make and make install. Then after
> > editing snort.conf by adding
> >  output xml: log,file=/var/log/snort/output.xml
> > above the output database line (I am using MySQL) and
> > running the command
> >         snort -c snort.conf
> > I get the error
> > ERROR:unknown output plugin:'xml'Fatal Error,
> > Quitting..
> > Please help me out. I am in deep need of the
> > solution. If you can suggest any other method, please
> > suggest.
> > Thanking You,
> > Yours Faithfully,
> > Jitendra
>  
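
An added example, not part of the thread and not Snort's own tooling: a shell helper that compares the switches passed to ./configure against the ones its --help text advertises, which is the check the posts above do by eye for --with-libair, --with-libih and --with-libairtutil. The function name `unknown_switches` and the `SAMPLE_HELP` excerpt (a few lines taken from the help output quoted above) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reports every --with-*/--enable-*
# switch on a configure command line that the script's own --help output
# does not list, so a missing build option is noticed before "make".

# Constructed sample: excerpt of the "Optional Packages" help quoted in the post.
SAMPLE_HELP='  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-libpcap-includes=DIR  libpcap include directory
  --with-mysql=DIR        support for mysql
  --with-odbc=DIR         support for odbc
  --with-postgresql=DIR   support for postgresql
  --with-oracle=DIR       support for oracle'

# unknown_switches HELP_TEXT ARG...
# Prints, one per line, each feature/package switch whose name is absent
# from HELP_TEXT. Real use: unknown_switches "$(./configure --help)" "$@"
unknown_switches() {
    help_text=$1
    shift
    # Switch names advertised by --help, with "=DIR" and descriptions removed.
    known=$(printf '%s\n' "$help_text" |
        LC_ALL=C sed -n 's/^ *\(--[a-z][-a-z0-9]*\).*/\1/p' | sort -u)
    for arg in "$@"; do
        case $arg in
            --with-*|--without-*|--enable-*|--disable-*) ;;
            *) continue ;;   # directories, VAR=VALUE, etc. are not checked
        esac
        name=${arg%%=*}      # drop "=VALUE"
        # --without-X / --disable-X negate --with-X / --enable-X.
        case $name in
            --without-*) lookup=--with-${name#--without-} ;;
            --disable-*) lookup=--enable-${name#--disable-} ;;
            *)           lookup=$name ;;
        esac
        printf '%s\n' "$known" | grep -qxF -- "$lookup" ||
            printf '%s\n' "$name"
    done
}
```
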
