[Snort-users] Fw: [Snortsam-discussion] HELP: setting upSnortSamrunsSnort-2.8.0+BASE+Barnyard

Rachmat Hidayat Al-Anshar rachmat_hidayat_02 at ...131...
Thu Nov 8 02:23:44 EST 2007



----- Forwarded Message ----
From: Rachmat Hidayat Al-Anshar <rachmat_hidayat_02 at ...131...>
To: snortsam-discussion at ...10203...
Sent: Thursday, November 8, 2007 2:13:44 PM
Subject: Re: [Snortsam-discussion] [Snort-users] HELP: setting upSnortSamrunsSnort-2.8.0+BASE+Barnyard

"It's not been modified for 2.8 correctly yet": what does that mean?!
Does it mean there is no SnortSam patch for Snort-2.8.0 yet?

----- Original Message ----
From: Matt Jonkman <jonkman at ...4024...>
To: snortsam-discussion at ...10203...
Cc: Joel Esler <joel.esler at ...1935...>; Snort-users at lists.sourceforge.net
Sent: Thursday, November 8, 2007 11:32:07 AM
Subject: Re: [Snortsam-discussion] [Snort-users] HELP: setting upSnortSamrunsSnort-2.8.0+BASE+Barnyard

It does not yet. It's not been modified for 2.8 correctly yet.

I'll announce as soon as it is...

Matt

Anthony Rodgers wrote:
> The patch is supposed to supply a patched call to RegisterPlugin() - if
> it doesn't, I'd like to know......
> 
> CP 
> 
> -----Original Message-----
> From: snortsam-discussion-bounces at ...10203...
> [mailto:snortsam-discussion-bounces at ...10203...] On Behalf Of Will
> Metcalf
> Sent: Saturday, November 03, 2007 6:46 AM
> To: Joel Esler
> Cc: Snort-users at lists.sourceforge.net; snortsam-discussion at ...10203...
> Subject: Re: [Snortsam-discussion] [Snort-users] HELP: setting
> upSnortSamrunsSnort-2.8.0+BASE+Barnyard
> 
> It appears as if the patch is broken.  It looks like RegisterPlugin
> requires an OptType in 2.8 and whoever updated the patch did not specify
> one.  So in spo_alert_fwsam.c
> 
> RegisterPlugin("fwsam", AlertFWsamOptionInit);
> 
> Needs to be something like....
> 
> RegisterPlugin("fwsam", AlertFWsamOptionInit,OPT_TYPE_ACTION);
> 
> Here are the opt types you can specify.  I'm not sure which does what,
> maybe Joel can clarify the correct one to use.  Need to go pack now,
> getting ready for an 11 hour flight ;-)...
> 
>         OPT_TYPE_ACTION = 0,
>         OPT_TYPE_LOGGING,
>         OPT_TYPE_DETECTION,
>         OPT_TYPE_MAX
> 
> Regards,
> 
> Will
> On 11/3/07, Joel Esler <joel.esler at ...1935...> wrote:
>> What version of Snort are you running?
>> Is SnortSAM compatible with that version?
>>
>> Did you notice you typed "--with-ysql-libraries" instead of 
>> "--with-mysql-libraries".
>>
>> In addition to that, I recommend you do NOT have Snort log directly to
>> the DB, instead, use Snort to log to unified, then have a separate
>> tool named "barnyard" to insert the unified files into the DB.
>>
>> J
>>
>>
>>
>> On Nov 3, 2007, at 1:49 AM, Rachmat Hidayat Al-Anshar wrote:
>>
>>
>> All right then,
>> I've been trying to go through this process, ignoring the
>> warning message produced by aclocal.
>> The process continued
>>
>> # autoheader
>> # automake -add-missing
>> # autoconf
>> #./configure --enable-dynamicplugin
>> --with-mysql-includes=/usr/include/mysql
>> --with-ysql-libraries=/usr/lib
>>
>> and suddenly...
>>
>> spo_alert_fwsam.c: In function 'AlertFWsamSetup':
>> spo_alert_fwsam.c:143: warning: passing arg 3 of 'RegisterOutputPlugin' from incompatible pointer type
>> spo_alert_fwsam.c:144: error: too few arguments to function 'RegisterPlugin'
>> spo_alert_fwsam.c: In function 'AlertFWsam':
>> spo_alert_fwsam.c:905: warning: passing arg 2 of 'TwoFishEncrypt' from incompatible pointer type
>> spo_alert_fwsam.c:940: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
>> spo_alert_fwsam.c:946: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
>> spo_alert_fwsam.c:979: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
>> spo_alert_fwsam.c:985: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
>> spo_alert_fwsam.c: In function 'FWsamCheckOut':
>> spo_alert_fwsam.c:1141: warning: passing arg 2 of 'TwoFishEncrypt' from incompatible pointer type
>> spo_alert_fwsam.c:1157: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
>> spo_alert_fwsam.c:1163: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
>> spo_alert_fwsam.c: In function 'FWsamCheckIn':
>> spo_alert_fwsam.c:1274: warning: passing arg 2 of 'TwoFishEncrypt' from incompatible pointer type
>> spo_alert_fwsam.c:1293: warning: passing arg 2 of 'TwoFishDecrypt' from incompatible pointer type
>> make[3]: *** [spo_alert_fwsam.o] Error 1
>> make[3]: Leaving directory '/research/snort/snort-2.8.0/src/output-plugins'
>> make[2]: *** [all-recursive] Error 1
>> make[2]: Leaving directory '/research/snort/snort-2.8.0/src'
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory '/research/snort/snort-2.8.0'
>> make: *** [all] Error 2
>>
>> What's wrong with snort?!
>> How to solve this?
>>
>> Any response will be appreciated
>> Thanks
>> (^^!) Mat

-- 
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Phone 61-42-4157-491
AUS Fax 61-29-4750-026
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc


_______________________________________________
Snortsam-discussion mailing list
Snortsam-discussion at ...10203...
http://lists.snortsam.net/mailman/listinfo/snortsam-discussion



More information about the Snort-users mailing list