[Snort-users] Problems compiling SnortSam on OpenBSD

ML mail mlnospam at ...131...
Wed Sep 5 12:19:56 EDT 2012


The "problem" here is that my snort IDS/IPS (Linux) is not on the same physical machine as the firewall (OpenBSD). As such I need at least the snortsam agent running on my firewall (what I am trying to compile here) in order to establish communication between the IPS and firewall.

So while it is true that I could use the very latest Barnyard2 with snortsam capability built in, I would still require a snortsam agent on the firewall side. That is my understanding so far. Maybe I missed something here? Or do you have an alternative solution?

Best regards,
ML



----- Original Message -----
From: Joel Esler <jesler at ...1935...>
To: ML mail <mlnospam at ...131...>
Cc: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net>
Sent: Wednesday, September 5, 2012 6:03 PM
Subject: Re: [Snort-users] Problems compiling SnortSam on OpenBSD

I recommend using the latest git version of barnyard2 which has snortsam capability built in.  Support for SnortSam compiled directly into Snort hasn't been done in a long time I believe.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Sep 5, 2012, at 11:24 AM, ML mail <mlnospam at ...131...> wrote:

> Hi,
> 
> I would like to integrate SnortSam in my Snort installation and therefore I am currently trying to compile the latest version 2.70 of it on OpenBSD 4.9 (i386). It looks like I can't get it to compile as I get some errors and no snortsam binary at the end :(
> 
> Here is the output of makesnortsam.sh:
> 
> -------------------------------------------------------------------------------
> 
> Building SnortSam (release)
> -------------------------------------------------------------------------------
> ssp_pf.c: In function 'PFParse':
> ssp_pf.c:134: error: storage size of 'paddr' isn't known
> ssp_pf.c:221: error: 'DIOCBEGINADDRS' undeclared (first use in this function)
> ssp_pf.c:221: error: (Each undeclared identifier is reported only once
> ssp_pf.c:221: error: for each function it appears in.)
> ssp_pf.c:230: error: 'struct pfioc_rule' has no member named 'pool_ticket'
> ssp_pf.c:293: error: 'struct pfioc_rule' has no member named 'pool_ticket'
> ssp_pf.c:356: error: 'struct pfioc_rule' has no member named 'pool_ticket'
> ssp_pf.c:420: error: 'struct pfioc_rule' has no member named 'pool_ticket'
> ssp_pf.c:463: error: 'struct pfioc_rule' has no member named 'pool_ticket'
> -------------------------------------------------------------------------------
> Building SnortSam (debug)
> -------------------------------------------------------------------------------
> ssp_pf.c: In function 'PFParse':
> ssp_pf.c:134: error: storage size of 'paddr' isn't known
> ssp_pf.c:221: error: 'DIOCBEGINADDRS' undeclared (first use in this function)
> ssp_pf.c:221: error: (Each undeclared identifier is reported only once
> ssp_pf.c:221: error: for each function it appears in.)
> ssp_pf.c:230: error: 'struct pfioc_rule' has no member named 'pool_ticket'
> ssp_pf.c:293: error: 'struct pfioc_rule' has no member named 'pool_ticket'
> ssp_pf.c:356: error: 'struct pfioc_rule' has no member named 'pool_ticket'
> ssp_pf.c:420: error: 'struct pfioc_rule' has no member named 'pool_ticket'
> ssp_pf.c:463: error: 'struct pfioc_rule' has no member named 'pool_ticket'
> Done.
> 
> Anyone know what is going wrong here?
> 
> Best,
> ML