[Snort-users] Snort 2.9.0 Now Available

Russ Combs rcombs at ...1935...
Mon Oct 4 21:49:18 EDT 2010


On Mon, Oct 4, 2010 at 8:45 PM, waldo kitty <wkitty42 at ...14940...> wrote:

> On 10/4/2010 19:52, Eoin Miller wrote:
> >    On 10/4/10 7:24 PM, waldo kitty wrote:
> >> On 10/4/2010 17:44, waldo kitty wrote:
> >>> On 10/4/2010 16:36, Snort Releases wrote:
> >>>> Snort 2.9.0 is now available on snort.org, at
> >>>> http://www.snort.org/snort-downloads/.
> >>> trying to compile from sources and run into a problem with missing
> libdnet... is
> >>> this lib absolutely necessary or is there a way to disable it if it is
> not?
> >>>
> >>> :?
> >> i forgot to mention that this failure comes in the configure section of
> our
> >> build... it looks like russ was right in that this libdnet library is
> now
> >> required even if we use NO compile time options :sigh: :?
> >>
> >>
> > It is in the changelog:
> >
> > * Snort no longer depends on libnet and uses libdnet instead.
>
> yeah, that really means nothing to this poor code jockey other than yet
> another
> lib to figure out how to install and get compiled in my environment... i
> can
> only imaging what the corporate side maintainers are going to face... they
> have
> basically the same things to deal with that i do... i just have the chance
> to be
> a step or three ahead of them and make my releases as mods to the official
> release of the total package...
>

FWIW, libnet is obsolete and increasingly hard to find.  dnet makes things
easier in that regard.

>
> > Also libdnet is going to be called libdumbnet in most Linux package
> > based repositories. However it is going to install the libraries under
> > different names so it still can't find it when being installed. Just
> > pull the source and compile/install prior to configure/make with Snort
> > (or just make the appropriate symlinks):
>
> that's just great... not... :sigh:
>
> >
> > http://code.google.com/p/libdnet/downloads/list
> >
> > Don't forget to grab daq from snort.org and compile/install it first,
> > that had me banging my head against the wall for like 10 minutes trying
> > to figure out what was goin on when I was playing with the beta. 2.9.0
> > is super awesome though for many many reasons and everyone should
> > upgrade happily.
>
> AFAIK, we don't use DAQ in our setup... pcap seems to be what we use but
> i've
> not dug into the code to determine that... our official releases do not use
> any
> compile time options at all... then again, our FOSS stuff is aimed at those
> machines that everyone is throwing away because they don't think they have
> any
> use left in them... sheesh, we're pulling P4's out of the dumpsters these
> days... with 1+Gig of RAM and "huge" HDs where we only need ~10G of HD
> space...
>

With 2.9.0, you *must* use the DAQ.  By default, you will wind up using a
pcap DAQ, but the DAQ is a separate package that must be installed.  This is
new for 2.9.0.

Also, the NFQ and IPQ DAQs require libdnet, but so does Snort 2.9.0.

>
>
> ------------------------------------------------------------------------------
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
> Spend less time writing and  rewriting code and more time creating great
> experiences on the web. Be a part of the beta today.
> http://p.sf.net/sfu/beautyoftheweb
>  _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101004/1079d06c/attachment.html>


More information about the Snort-users mailing list