[Snort-users] Snort 2.9.0 Now Available
Parker_Crook at ...14786...
Fri Oct 8 11:47:56 EDT 2010
Howdy again Snort-heads,
I have been gone for some time, the original intent was to come back after a month and give the Snort Drinking Game a try while abiding by the rules (i.e., Don't look at the list for a month...), but I took a longer than intended break. Alas, I have started reading and my liver ran away before I could even get started.
> > > With 2.9.0, you *must* use the DAQ. By default, you will wind up using a pcap
> > > DAQ, but the DAQ is a separate package that must be installed. This is new for
> > > 2.9.0.
> > ugh! when does the madness end?
Argh! Certainly not here, I just had to build a new build environment to get it all running; the irony is not lost on me, nor is the frustration. So, now that I know it can be done on Debian, I am turning back to my old build environment wondering why/where it went wrong. I had libdnet-1.11, libpcap-1.1.1 and went to town on daq-0.2 so I could get snort-2.9.0 up and running in my test environment. So running ./configure for daq, I get the following error (last 5 lines of output below):
checking whether the f77 linker (/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... GNU/Linux ld.so
(cached) (cached) checking how to hardcode library paths into programs... immediate
./configure: line 19179: syntax error near unexpected token `AC_SF_COMPILER_SETUP'
./configure: line 19179: `AC_SF_COMPILER_SETUP()'
Google turns up a bunch of cricket chirps and so I put it to the Sourcefire guys... any clues?
> > It would make things a tad easier for Snort installs but the DAQ is a generic
> > solution to packet acquisition problems and is packaged separately so that it
> > may find a life of its own.
> that's understandable... to a point... i can't count the numbers of times that
> i've included other packages in my releases that are standalone that my release
> required for operation... it just made sense to "make it as easy as possible"...
> it certainly didn't take away from the separation of the packages or their
> individuality ;)
And we thank you for your civility, wkitty :)
> > this release really should be 3.something instead of 2.9 with changes like
> > these... but all we can do is either keep trying to move forward or dump snort
> > in the bitbucket and find something else :? that's not my call so all i can do
> > is try to keep beating snort into submission in my environment... it may very
> > well turn out that it gets dumped if we can't get 2.9.0 working and especially
> > if the rules updates get EOLed and leave our users with no rules to use...
Agreed, major changes here -> 3.0, but water under the bridge, as the saying goes.