[Snort-users] [Snortsam-discussion] HELP: setting up SnortSamrunsSnort-2.8.0+BASE+Barnyard

Rachmat Hidayat Al-Anshar rachmat_hidayat_02 at ...131...
Sat Nov 3 09:39:34 EDT 2007


Hi Joel, thanks for the response...

| 
What version of Snort are you running?
Snort-2.8.0 and Snortsam-patch-2.8 

|Is SnortSAM compatible with that version?
Obviously didn't know, what do u think?

| Did you notice you typed "--with-ysql-libraries" instead of "--with-mysql-libraries".
my bad, but, I do reconfigure Snort with:
# ./configure --enable-dynamicplugin --with-mysql-includes=/usr/include/mysql --with-mysql-libraries=/usr/lib

and the message still occur. :-( 
Is it any problem with SnortSam patch for Snort?!
please help...

Any response will be appreciated
Thanks
(^^!) Mat


----- Original Message ----
From: Joel Esler <joel.esler at ...1935...>
To: Rachmat Hidayat Al-Anshar <rachmat_hidayat_02 at ...131...>
Cc: snortsam-discussion at ...10203...; Snort-users at lists.sourceforge.net
Sent: Saturday, November 3, 2007 8:22:35 PM
Subject: Re: [Snort-users] [Snortsam-discussion] HELP: setting up SnortSamrunsSnort-2.8.0+BASE+Barnyard


What version of Snort are you running?Is SnortSAM compatible with that version?


Did you notice you typed "--with-ysql-libraries" instead of "--with-mysql-libraries".


In addition to that, I recommend you do NOT have Snort log directly to the DB, instead, use Snort to log to unified, then have a separate tool named "barnyard" to insert the unified files into the DB.


J


On Nov 3, 2007, at 1:49 AM, Rachmat Hidayat Al-Anshar wrote:

All right then, 
I've been trying to going through this process with ignoring the warning message produced by aclocal.
The proccess continued

# autoheader 
# automake –add-missing
# autoconf 
#./configure --enable-dynamicplugin --with-mysql-includes=/usr/include/mysql --with-ysql-libraries=/usr/lib

and suddenly...

spo_alert_fwsam.c: In function 'AlertFWsamSetup':
spo_alert_fwsam.c:143: warning: passing arg 3 of 'RegisterOutputPlugin' from incompatible pointer type
spo_alert_fwsam.c:144: error: too few arguments to function 'RegisterPlugin'  
spo_alert_fwsam.c: In function 'AlertFWsam':
spo_alert_fwsam.c:905: warning: passing arg 2 of 'TwoFishEncrypt' from incompatible pointer type 
spo_alert_fwsam.c:940: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
spo_alert_fwsam.c:946: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
spo_alert_fwsam.c:979: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
spo_alert_fwsam.c:985: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
spo_alert_fwsam.c: In function 'FWsamCheckOut':
spo_alert_fwsam.c:1141: warning: passing arg 2 of 'TwoFishEncrypt' from incompatible pointer type
spo_alert_fwsam.c:1157: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
spo_alert_fwsam.c:1163: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
spo_alert_fwsam.c: In function 'FWsamCheckIn':
spo_alert_fwsam.c:1274: warning: passing arg 2 of 'TwoFishEncrypt' from incompatible pointer type
spo_alert_fwsam.c:1293: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
make[3]: *** [spo_alert_fwsam.o] Error 1
make[3]: Leaving directory '/research/snort/snort-2.8.0/src/output-plugins'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/research/snort/snort-2.8.0/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/research/snort/snort-2.8.0'
make: *** [all] Error 2

What's wrong with snort?!
How to solve this?

Any response will be appreciated
Thanks
(^^!) Mat



__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com -------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users








__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20071103/19b9599e/attachment.html>


More information about the Snort-users mailing list