[Snort-users] Gentoo Linux Snort Users

Jason Wallace jason.r.wallace at ...11827...
Thu Feb 24 16:34:07 EST 2011


"as the patch fails when emerging the new ebuild": which patch are you
referring to?

/usr/lib64/dynamicrules is empty because the so_rules are not shipped
with the snort package. That directory is the drop zone for the SO
rules you should pull with pulledpork.


On Thu, Feb 24, 2011 at 4:19 PM, NA <dustypath at ...5068...> wrote:
> Thank you very much for your work, I was just lamenting this morning over a
> new install of 2.9.03 that FPs all over the place compared to!
> I am having trouble though as the patch fails when emerging the new ebuild.
> I was having trouble with dynamic detection already, the directory
> /usr/lib64/dynamicrules is empty and attempts to build the so_rules fail
> with a segfault (probably because of the empty directory, nothing to work
> on). I will post a bug report at bug.gentoo.org unless you have any insight
> that this is my screw up!
> Thanks again
> Bill B
>> Howdy!
>> Just wanted to give an update on the current Snort ebuild and the
>> ebuilds for some snort related packages.
>> Snort-
>> This was committed to portage this afternoon, so it should hit the
>> mirror near you in the next 24-48 hrs. The ebuild was delayed due to a
>> bug we found when trying to compile with the dynamicplugins USE flag
>> disabled. The Sourcefire folks provided a patch for this.
>> The ebuild is currently stable for amd64 and unstable for x86. The
>> unstable is due to the prelude package being unstable. I'm considering
>> yanking support for Prelude from the ebuild. This is something that
>> should be handled by Barnyard2 anyways. If you are violently opposed
>> to dropping Prelude support, then shoot me an email. Also, I will
>> likely drop the ipv6 USE flag in the next version and hard code in
>> ipv6 support. This is due to the difference between ipv4 and ipv6 and
>> how that affects ipvar/portvar and var.
>> I've gotten a number of emails from Gentoo folks looking for
>> config.log and build.log when working bugs with SF. Since the build
>> environment gets cleaned up after the package is installed these were
>> not available. With the ebuild you can now find both of these
>> files in the "support" directory in the package's doc directory.
>> daq-0.5
>> This ebuild is currently stable for amd64 and unstable for x86. This
>> will likely stabilize when Snort does. This version does not have the
>> buffer_size_mb fix in it. I'll roll an -r1 version to include this fix
>> some time soon.
>> Barnyard2-1.9
>> This ebuild is marked unstable for both amd64 and x86. The ebuild is
>> fairly new, that is why it is not stabilized yet. There are some
>> issues with this ebuild. It currently only supports the database
>> output plugins and those plugins that get compiled by default. There is
>> no ipv6 support. Barnyard2 currently does not compile with
>> --enable-ipv6. I've bugged this upstream.
>> The above are all in the main portage tree. The following packages
>> have been committed to the Sunrise Overlay
>> (http://overlays.gentoo.org/proj/sunrise). I'm working with the devs
>> to get these into the main distro tree, but they live in Sunrise for
>> now.
>> Pulledpork-0.5
>> No known issues.
>> daemonlogger-1.2.1
>> No known issues. Supports both tap and logging mode in the init scripts.
>> hogger-2.1
>> No known issues.
>> If you want to help out with any of these packages or you just want
>> access to them before they are committed to the trees, you can add my
>> GitHub repository as an overlay: https://github.com/wally3514/Gentoo.
>> This is a development space so YMMV.
>> thx,
>> Wally