[Snort-users] Snort 2.9.0.1 & OpenBSD 4.8 build problems

Russ Combs rcombs at ...1935...
Thu Nov 4 19:20:32 EDT 2010


On Thu, Nov 4, 2010 at 7:01 PM, Ross Lawrie <ross at ...15039...> wrote:

> On Thu, 2010-11-04 at 18:18 -0400, Russ Combs wrote:
> >
> >
>  > On Thu, Nov 4, 2010 at 6:12 PM, JJC <cummingsj at ...11827...> wrote:
> >         quickest way for you is to add this to the snort ./configure
> >         options
> >
> >         --disable-static-daq
> >
> >         then when you start snort, add this:
> >
> >         --daq-dir=/usr/local/lib/daq/
> >
> >         and voila
> >
> > The above is an excellent workaround.  If you want to debug farther:
> >
> > nm /usr/local/lib/libdaq_static.a | grep daq_load_modules
> >
> > and send the output.  I'm guessing that you will see something like:
> >
> > 00000000000005ab T daq_load_modules
> >
> > Which means the symbol is there but isn't being found by configure's
> > test program.
> >
> > Let me know.
> >
> >
> >
> >         JJC
> >
> >
> >         On Thu, Nov 4, 2010 at 3:38 PM, Ross Lawrie
> >         <ross at ...15039...> wrote:
> >         > Hi,
> >         >
> >         > I was hoping someone might be able to offer some advice.
> >          I'm
> >         > encountered problems installing Snort 2.9.0.1 on OpenBSD
> >         4.8.  I have
> >         > installed an updated libpcap (1.1.1), libdnet (1.12) and DAQ
> >         (0.3)
> >         > without any obvious problems.  DAQ seems to install its
> >         libraries
> >         > correctly:
> >         >
> >         > ls -al /usr/local/lib/libdaq*
> >         > -rw-r--r--  1 root  wheel  40382 Nov  4 14:26 libdaq.a
> >         > -rwxr-xr-x  1 root  wheel    926 Nov  4 14:26 libdaq.la
> >         > -rwxr-xr-x  1 root  wheel  37400 Nov  4 14:26 libdaq.so.0.1
> >         > -rw-r--r--  1 root  wheel  41460 Nov  4 14:26
> >         libdaq_static.a
> >         > -rwxr-xr-x  1 root  wheel    907 Nov  4 14:26
> >         libdaq_static.la
> >         > -rw-r--r--  1 root  wheel  61164 Nov  4 14:27
> >         libdaq_static_modules.a
> >         > -rwxr-xr-x  1 root  wheel    931 Nov  4 14:27
> >         libdaq_static_modules.la
> >         >
> >         > I'm able to run daq-modules-config and confirm that it is in
> >         my path:
> >         >
> >         > daq-modules-config --static --libs
> >         > -L/usr/local/lib -ldaq_static_modules
> >         >
> >         > ldconfig sees the libdaq library:
> >         >
> >         > ldconfig -Rv /usr/local/lib 2>&1 | grep daq
> >         > Adding /usr/local/lib/libdaq.so.0.1
> >         >
> >         > However when I try to configure Snort I receive this error:
> >         >
> >         > ...
> >         > checking for pcap_datalink in -lpcap... yes
> >         > checking for pcap_lex_destroy... no
> >         > checking for pcap_lib_version... yes
> >         > checking pcre.h usability... yes
> >         > checking pcre.h presence... yes
> >         > checking for pcre.h... yes
> >         > checking for pcre_compile in -lpcre... yes
> >         > checking for libpcre version 6.0 or greater... yes
> >         > checking dnet.h usability... yes
> >         > checking dnet.h presence... yes
> >         > checking for dnet.h... yes
> >         > checking for eth_set in -ldnet... yes
> >         > checking for dlsym in -ldl... no
> >         > checking for dlsym in -lc... yes
> >         > checking for daq_load_modules in -ldaq_static... no
> >         >
> >         >   ERROR!  daq_static library not found, go get it from
> >         >   http://www.snort.org/.
> >         >
> >         > The configure string I'm using for Snort is:
> >         >
> >         > ./configure \
> >         > --sysconfdir=/etc/snort \
> >         > --with-daq-includes=/usr/local/include \
> >         > --with-daq-libraries=/usr/local/lib \
> >         > --with-libpcap-includes=/usr/local/include \
> >         > --with-libpcap-libraries=/usr/local/lib \
> >         > --with-dnet-includes=/usr/local/include \
> >         > --with-dnet-libraries=/usr/local/lib
> >         >
> >         > I've seen some suggestion that building DAQ without the ipfw
> >         module
> >         > could help, but I still encounter the same issue.
> >         >
> >         > Appreciate any suggestions,
> >         >
> >         > Ross.
> >         >
> >
>
>
> Hi,
>
> JJC: that worked however it looks like Snort's not
> building /usr/local/lib/snort_dynamicengine/libsf_engine.so for some
> reason now.
>
> Nov  4 15:48:19 snort[17745]: FATAL ERROR: parser.c(5235) Could not stat
> dynamic module path
> "/usr/local/lib/snort_dynamicengine/libsf_engine.so": No such file or
> directory.
>
>
> Russ: You're right, the output looks much like you anticipated:
>
> nm /usr/local/lib/libdaq_static.a | grep daq_load_modules
>  000008c0 T daq_load_modules
>
> I've attached two config.log files, one generated when I try to include
> the static daq libraries, and the other when I configure without them.
>
> Definitely appreciate the help, I haven't had any problems in the past
> and this one just has me banging my head against the wall.
>

OK, now try this:

sudo ldconfig -p | grep daq

Edit /etc/ld.so.conf and add a line with /usr/local/lib.  Then:

sudo ldconfig -v | grep daq


>
> ross.
>
>
>
> ------------------------------------------------------------------------------
> The Next 800 Companies to Lead America's Growth: New Video Whitepaper
> David G. Thomson, author of the best-selling book "Blueprint to a
> Billion" shares his insights and actions to help propel your
> business during the next growth cycle. Listen Now!
> http://p.sf.net/sfu/SAP-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101104/d1510f21/attachment.html>


More information about the Snort-users mailing list