[Snort-users] Snort + PF_RING + DAQ

livio Ricciulli livio at ...15149...
Thu Aug 30 18:48:37 EDT 2012

The instructions on the pdf on the Snort site were outdated; sorry.
Both https://www.metaflows.com/technology/pf-ring/
and the included pdf should work.
Make sure you do

yum -y install libdnet kernel-devel libtool subversion automake make 
autoconf pcre-devel flex bison byacc gcc zlib-devel gcc-c++

before doing anything else.

We do not use the latest versions of PF_RING and daq because they keep 
changing too quickly
for us to do proper QA. The combination of versions in our instructions 
seem to be extremely stable.. If you
want to venture with the latest versions, please let us know how it goes..


On 08/29/2012 12:12 PM, Eric Luellen wrote:
> Hello,
> I've been playing around with PR_RING lately on Snort and haven't had 
> a whole lot of luck. I've followed the instructures found here 
> <http://www.snort.org/assets/186/PF_RING_Snort_Inline_Instructions.pdf> with 
> minimal success. I've ran into various compile errors and it always 
> seems to be around the pfring-daq-module. Are there any prebuilt RPMs 
> or updated instructions using the latest version of all of the 
> programs in question? I've tried a few combinations and have read how 
> some of the older DAQ versions are no longer supported and others have 
> had issues with the newer version. So any help or links to new guides 
> would be greatly appreciated.
> Eric
> --
>   The sender of this email subscribes to Perimeter E-Security's email
>   anti-virus service. This email has been scanned for malicious code and is
>   believed to be virus free. For more information on email security please
>   visit: http://www.perimeterusa.com/services/messaging
>   This communication is confidential, intended only for the named recipient(s)
>   above and may contain trade secrets or other information that is exempt from
>   disclosure under applicable law. Any use, dissemination, distribution or
>   copying of this communication by anyone other than the named recipient(s) is
>   strictly prohibited. If you have received this communication in error, please
>   delete the email and immediately notify our Command Center at 203-541-3444.
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120830/111a4389/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: PF_RING Snort Inline Instructions_daq_062.pdf
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120830/111a4389/attachment.ksh>

More information about the Snort-users mailing list