[Snort-users] Snort 2.9.0 Now Available
rcombs at ...1935...
Tue Oct 5 12:12:36 EDT 2010
On Tue, Oct 5, 2010 at 12:00 PM, waldo kitty <wkitty42 at ...14940...>wrote:
> On 10/5/2010 08:32, Russ Combs wrote:
> > On Mon, Oct 4, 2010 at 10:52 PM, waldo kitty <wkitty42 at ...14940...
> > <mailto:wkitty42 at ...14940...>> wrote:
> > the only libnet i find anywhere in our basic source directories seems
> to be
> > win32 related for some package(s) we use that support that
> environment... since
> > we're a *nix based environment, that one doesn't do us any good...
> > libnet is a library. You may have installed it from a binary package or
> > it from a source package but it is not part of the Snort source tree.
> as written above, there is no libnet in use at all in the product i'm
> with... there's no libdnet, either... we've simply never had a need for
OK - libnet was only required for inline builds. I'm looking into a change
that may obviate dnet for Snort when active response is not configured.
> > > AFAIK, we don't use DAQ in our setup... pcap seems to be what
> we use
> > >
> > > With 2.9.0, you *must* use the DAQ. By default, you will wind up
> using a
> > pcap
> > > DAQ, but the DAQ is a separate package that must be installed.
> This is
> > new for
> > > 2.9.0.
> > ugh! when does the madness end? :lol: i'll have to see if i can hunt
> up the
> > archive for that... hopefully it is available at
> > www.snort.org/ports/snort-current/ <
> > You can find it here, along with Snort:
> i'd rather find it in a place that is automation and script friendly...
> that web
> page link is not :?
This is another issue worth sending to the web site maintainers.
> > > Also, the NFQ and IPQ DAQs require libdnet, but so does Snort
> > this begs the question of why DAQ wasn't included in the 2.9.0
> archive so that
> > one only need grab that one archive, untar it and DAQ be available in
> the 2.9.0
> > source tree... it sure would make things a *lot* easier :?
> > It would make things a tad easier for Snort installs but the DAQ is a
> > solution to packet acquisition problems and is packaged separately so
> that it
> > may find a life of its own.
> that's understandable... to a point... i can't count the numbers of times
> i've included other packages in my releases that are standalone that my
> required for operation... it just made sense to "make it as easy as
> it certainly didn't take away from the separation of the packages or their
> individuality ;)
> > this release really should be 3.something instead of 2.9 with changes
> > these... but all we can do it either keep trying to move forward or
> dump snort
> > in the bitbucket and find something else :? that's not my call so all
> i can do
> > is try to keep beating snort into submission in my environment... it
> may very
> > well turn out that it gets dumped if we can't get 2.9.0 working and
> > if the rules updates get EOLed and leave our users with no rules to
> > If you want to roll your own, I recommend you start with the DAQ ... :)
> hehehehehe, that's funny :)
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
> Spend less time writing and rewriting code and more time creating great
> experiences on the web. Be a part of the beta today.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users