[Snort-users] Snort 2.9.0 Now Available

Russ Combs rcombs at ...1935...
Tue Oct 5 12:12:36 EDT 2010


On Tue, Oct 5, 2010 at 12:00 PM, waldo kitty <wkitty42 at ...14940...>wrote:

> On 10/5/2010 08:32, Russ Combs wrote:
> >
> > On Mon, Oct 4, 2010 at 10:52 PM, waldo kitty <wkitty42 at ...14940...
> > <mailto:wkitty42 at ...14940...>> wrote:
> >
> >     the only libnet i find anywhere in our basic source directories seems
> to be
> >     win32 related for some package(s) we use that support that
> environment... since
> >     we're a *nix based environment, that one doesn't do us any good...
> >
> > libnet is a library.  You may have installed it from a binary package or
> built
> > it from a source package but it is not part of the Snort source tree.
>
> as written above, there is no libnet in use at all in the product i'm
> working
> with... there's no libdnet, either... we've simply never had a need for
> either...
>

OK - libnet was only required for inline builds.  I'm looking into a change
that may obviate dnet for Snort when active response is not configured.

>
> >      >     AFAIK, we don't use DAQ in our setup... pcap seems to be what
> we use
> [TRIM]
> >      >
> >      > With 2.9.0, you *must* use the DAQ.  By default, you will wind up
> using a
> >     pcap
> >      > DAQ, but the DAQ is a separate package that must be installed.
>  This is
> >     new for
> >      > 2.9.0.
> >
> >     ugh! when does the madness end? :lol: i'll have to see if i can hunt
> up the
> >     archive for that... hopefully it is available at
> >     www.snort.org/ports/snort-current/ <
> http://www.snort.org/ports/snort-current/>
> >
> > You can find it here, along with Snort:
> http://www.snort.org/snort-downloads.
>
> i'd rather find it in a place that is automation and script friendly...
> that web
> page link is not :?
>

This is another issue worth sending to the web site maintainers.

>
> >      > Also, the NFQ and IPQ DAQs require libdnet, but so does Snort
> 2.9.0.
> >
> >     this begs the question of why DAQ wasn't included in the 2.9.0
> archive so that
> >     one only need grab that one archive, untar it and DAQ be available in
> the 2.9.0
> >     source tree... it sure would make things a *lot* easier :?
> >
> > It would make things a tad easier for Snort installs but the DAQ is a
> generic
> > solution to packet acquisition problems and is packaged separately so
> that it
> > may find a life of its own.
>
> that's understandable... to a point... i can't count the numbers of times
> that
> i've included other packages in my releases that are standalone that my
> release
> required for operation... it just made sense to "make it as easy as
> possible"...
> it certainly didn't take away from the separation of the packages or their
> individuality ;)
>
> >     this release really should be 3.something instead of 2.9 with changes
> like
> >     these... but all we can do it either keep trying to move forward or
> dump snort
> >     in the bitbucket and find something else :? that's not my call so all
> i can do
> >     is try to keep beating snort into submission in my environment... it
> may very
> >     well turn out that it gets dumped if we can't get 2.9.0 working and
> especially
> >     if the rules updates get EOLed and leave our users with no rules to
> use...
> >
> > If you want to roll your own, I recommend you start with the DAQ ...  :)
>
> hehehehehe, that's funny :)
>
>
> ------------------------------------------------------------------------------
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
> Spend less time writing and  rewriting code and more time creating great
> experiences on the web. Be a part of the beta today.
> http://p.sf.net/sfu/beautyoftheweb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101005/a913d914/attachment.html>


More information about the Snort-users mailing list