[Snort-users] Snort 2.9.0 Now Available

waldo kitty wkitty42 at ...14940...
Tue Oct 5 12:00:05 EDT 2010


On 10/5/2010 08:32, Russ Combs wrote:
>
> On Mon, Oct 4, 2010 at 10:52 PM, waldo kitty <wkitty42 at ...14940...> wrote:
>
>     the only libnet i find anywhere in our basic source directories seems to be
>     win32 related for some package(s) we use that support that environment... since
>     we're a *nix based environment, that one doesn't do us any good...
>
> libnet is a library.  You may have installed it from a binary package or built
> it from a source package but it is not part of the Snort source tree.

as written above, there is no libnet in use at all in the product i'm working 
with... there's no libdnet, either... we've simply never had a need for either...

>      >     AFAIK, we don't use DAQ in our setup... pcap seems to be what we use
[TRIM]
>      >
>      > With 2.9.0, you *must* use the DAQ.  By default, you will wind up using a pcap
>      > DAQ, but the DAQ is a separate package that must be installed.  This is new for
>      > 2.9.0.
>
>     ugh! when does the madness end? :lol: i'll have to see if i can hunt up the
>     archive for that... hopefully it is available at
>     www.snort.org/ports/snort-current/
>
> You can find it here, along with Snort: http://www.snort.org/snort-downloads.

i'd rather find it in a place that is automation and script friendly... that web 
page link is not :?

>      > Also, the NFQ and IPQ DAQs require libdnet, but so does Snort 2.9.0.
>
>     this begs the question of why DAQ wasn't included in the 2.9.0 archive so that
>     one only need grab that one archive, untar it and DAQ be available in the 2.9.0
>     source tree... it sure would make things a *lot* easier :?
>
> It would make things a tad easier for Snort installs but the DAQ is a generic
> solution to packet acquisition problems and is packaged separately so that it
> may find a life of its own.

that's understandable... to a point... i can't count the number of times that 
i've included other packages in my releases that are standalone that my release 
required for operation... it just made sense to "make it as easy as possible"... 
it certainly didn't take away from the separation of the packages or their 
individuality ;)

>     this release really should be 3.something instead of 2.9 with changes like
>     these... but all we can do is either keep trying to move forward or dump snort
>     in the bitbucket and find something else :? that's not my call so all i can do
>     is try to keep beating snort into submission in my environment... it may very
>     well turn out that it gets dumped if we can't get 2.9.0 working and especially
>     if the rules updates get EOLed and leave our users with no rules to use...
>
> If you want to roll your own, I recommend you start with the DAQ ...  :)

hehehehehe, that's funny :)



