[Snort-users] Snort 2.9.0 Now Available

Crook, Parker Parker_Crook at ...14786...
Fri Oct 8 11:47:56 EDT 2010


Howdy again Snort-heads,

I have been gone for some time; the original intent was to come back after a month and give the Snort Drinking Game a try while abiding by the rules (i.e., don't look at the list for a month...), but I took a longer-than-intended break.  Alas, I have started reading and my liver ran away before I could even get started.

[TRIM]
> >      > With 2.9.0, you *must* use the DAQ.  By default, you will wind up using a pcap
> >      > DAQ, but the DAQ is a separate package that must be installed.  This is new for
> >      > 2.9.0.
> >
> >     ugh! when does the madness end? 
[TRIM]

Argh! Certainly not here, I just had to build a new build environment to get it all running; the irony is not lost on me, nor is the frustration.  So, now that I know it can be done on Debian, I am turning back to my old build environment wondering why/where it went wrong.  I had libdnet-1.11, libpcap-1.1.1 and went to town on daq-0.2 so I could get snort-2.9.0 up and running in my test environment.  So running ./configure for daq, I get the following error (last 5 lines of output below):

	checking whether the f77 linker (/usr/bin/ld) supports shared libraries... yes
	checking dynamic linker characteristics... GNU/Linux ld.so
	(cached) (cached) checking how to hardcode library paths into programs... immediate
	./configure: line 19179: syntax error near unexpected token `AC_SF_COMPILER_SETUP'
	./configure: line 19179: `AC_SF_COMPILER_SETUP()'

Google turns up a bunch of cricket chirps and so I put it to the Sourcefire guys... any clues?

> > It would make things a tad easier for Snort installs but the DAQ is a generic
> > solution to packet acquisition problems and is packaged separately so that it
> > may find a life of its own.
> 
> that's understandable... to a point... i can't count the numbers of times that
> i've included other packages in my releases that are standalone that my release
> required for operation... it just made sense to "make it as easy as possible"...
> it certainly didn't take away from the separation of the packages or their
> individuality ;)

And we thank you for your civility, wkitty :)

> 
> >     this release really should be 3.something instead of 2.9 with changes like
> >     these... but all we can do is either keep trying to move forward or dump snort
> >     in the bitbucket and find something else :? that's not my call so all i can do
> >     is try to keep beating snort into submission in my environment... it may very
> >     well turn out that it gets dumped if we can't get 2.9.0 working and especially
> >     if the rules updates get EOLed and leave our users with no rules to use...

Agreed, major changes here -> 3.0, but water under the bridge, as the saying goes.

-Parker



