[Snort-users] problem starting snort..kindly help

pearl carlo pearlcarlo at ...131...
Mon May 28 21:10:17 EDT 2007


hi everybody

i actually went ahead and reinstalled after uninstalling and this time i did not do it
with dynamic plugin and it worked.
thanks everyone for time..

ps: Joel.. i checked your mail now. i guess that would have been a problem..i actually did config couple of times in between by uninstalling it and cleaning it at that time it did not work..now i shall try with dynamic plugin too..



Joel Esler <joel.esler at ...1935...> wrote: I am looking at your history file here, and it looks like you descended into the snort dir, and did a config, but you never did a make nor a make install.

Kinda need to do that.
 




joel esler | security consultant | Sourcefire | pgp  key is public



 

On May 28, 2007, at 7:26 PM, pearl carlo wrote:

Hi Scott, atkins, and rmkml

here is what i did after downloading the required packages to /local/usr/src
 
43  cd /usr/local
   44  tar zxvf src/pcre-7.1.tar.gz 
   45  cd pcre-7.1
   46  ./configure
   47  make
   48  make install
   49  cd ..
   50  tar zxvf src/libnet-1.0.2a.tar.gz 
   51  cd Libnet-1.0.2a/
   52  ./configure
   53  make
   54  make install
   55  cd ..
   56  tar zxvf src/libpcap-0.9.4.tar.gz 
   57  cd libpcap-0.9.4/
   58  ./configure
   59  make
   60  make install
   61  cd ..
   62  tar zxvf src/snort-2.6.1.5.tar.gz 
   63  cd snort-2.6.1.5/
  
In between here i installed mysql through rpm (devel and admin)

   78  ./configure --enable-flexresp --with-mysql --enable-dynamicplugin
   79  mkdir /etc/snort
   80  mkdir /var/log/snort
   81  tar zxvf /usr/local/src/snortrules-snapshot-CURRENT.tar.gz  -C /etc/snort
   82  cp etc/*.conf* /etc/snort
   83  cp etc/*.map /etc/snort
   84  ln -s /usr/local/bin/snort /usr/sbin/snort
   85  groupadd snort
   86  useradd -g snort snort
   87  chown snort:snort /var/log/snort
   88  vi /etc/snort/snort.conf
   89  vi /etc/snort/snort.conf
 here i have chaged the RULE_PATH in the snort.conf file
 

  
  112  service mysqld status
  113  service mysqld start
  
here i had some problems related to mysql , sorted those out and continued
setting mysql
it took the schema and no problems creating database here

  164  /usr/local/bin/snort -c /etc/snort/snort.conf 
 at this stage i get the message
bash: /usr/local/bin/snort: No such file or directory
 
  whereis snort  
or
whereis snort.conf
gives me 
snort: /usr/sbin/snort /etc/snort

and if i give 
/usr/sbin/snort -c /etc/snort/snort.conf i get the follwing
bash: /usr/local/bin/snort: No such file or directory

tail -f /var/log/messages gives me following

May 28 15:54:53 localhost last message repeated 50 times
May 28 15:55:55 localhost last message repeated 50 times
May 28 15:56:57 localhost last message repeated 50 times
May 28 15:57:59 localhost last message repeated 50 times
May 28 15:59:01 localhost last message repeated 50 times
May 28 16:00:03 localhost last message repeated 50 times
May 28 16:01:05 localhost last message repeated 50 times
May 28 16:02:07 localhost last message repeated 50 times
May 28 16:03:09 localhost last message repeated 50 times
May 28 16:04:11 localhost last message repeated 50 times

Is it that i need to uninstall the packages and relaod the rpm based version..
can somebody give me clue to progress further and give me some idea what is going on and where could be the mistake...

appreciating for your time ..

pearl






"Atkins, Dwane P" <ATKINSD at ...9240...> wrote:     Pearl,
  
 If you do a tail -f /var/log/messages, do you see any errors?  Did you try and reconfigure it with the --with-mysql?  
  

 
 
---------------------------------
 From: pearl carlo [mailto:pearlcarlo at ...131...]
Sent: Mon 5/28/2007 1:29 AM
To: Atkins, Dwane P
Subject: RE: [Snort-users] problem starting snort..kindly help


 i am trying to install snort 2.6.1.5


"Atkins, Dwane P" <ATKINSD at ...9240...> wrote:  
What version are you trying to install? I can only guess since I am
rather new, but you may want to attempt to ./configure --with-mysql
Make
Make install


-----Original Message-----
From: snort-users-bounces at lists.sourceforge.net
[mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of pearl
carlo
Sent: Sunday, May 27, 2007 10:29 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] problem starting snort..kindly help

hi all 
i have installed all the required packages and has set up the database
also successfully in mysql but now after doing all the hardwork when i
am trying to start the snort by writing the following
/usr/local/bin/snort -c /etc/snort/snort.conf

i get the following message ..i am unable to understand what i am
missing
bash: /usr/local/bin/snort: No such file or directory

and when i cd to directory structure ....it really do not exist...i hope
that is suppose to be created by snort during installation..

kindly help..i have wasted quite a time on that
pearl


________________________________

Bored stiff? 
Loosen up...
Download and play hundreds of games for free
on Yahoo!
Games.

  

---------------------------------
 Be a better Globetrotter. Get better travel answers from someone who knows.
Yahoo! Answers - Check it out. 

       


---------------------------------
Need a vacation? Get great deals to amazing places on Yahoo! Travel.-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
 




       
---------------------------------
Building a website is a piece of cake. 
Yahoo! Small Business gives you all the tools to get online.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20070528/491a6f3b/attachment.html>


More information about the Snort-users mailing list