[Snort-users] Problem to configure DAQ on SNORT

Kelevra Slevin kelevra19 at ...11827...
Thu Sep 12 21:49:34 EDT 2013


I already searched for a solution to this problem on CentOS, but I barely
found anything, and what I found was for another OS.
If someone knows a way to redirect to another lib, like libnetfilter_contrack,
I would appreciate the help.

One more thing: with this config, will Snort work properly as an IDS?


On Thu, Sep 12, 2013 at 5:42 PM, Safwat <safwat1242 at ...11827...> wrote:

> We also have the same problem, and could not find a solution.
>
> *From:* Kelevra Slevin [mailto:kelevra19 at ...11827...]
> *Sent:* Thursday, September 12, 2013 4:37 PM
> *To:* snort-users at lists.sourceforge.net
> *Subject:* [Snort-users] Problem to configure DAQ on SNORT
>
> I'm new to using Snort and I'm having a problem compiling DAQ with the nfq
> module. At first I will use it as an IDS to get used to Snort, but in the
> future I would like to use Snort as an IPS in inline mode. I use CentOS 6.
>
> After a Google search I installed some recommended libs using these commands:
>
> yum install libnfnetlink*
> yum install libnetfilter_contrack*
>
> The ./configure of daq:
>
> checking for a BSD-compatible install... /usr/bin/install -c
> checking whether build environment is sane... yes
> checking for a thread-safe mkdir -p... /bin/mkdir -p
> checking for gawk... gawk
> checking whether make sets $(MAKE)... yes
> checking for gcc... gcc
> checking whether the C compiler works... yes
> checking for C compiler default output file name... a.out
> checking for suffix of executables...
> checking whether we are cross compiling... no
> checking for suffix of object files... o
> checking whether we are using the GNU C compiler... yes
> checking whether gcc accepts -g... yes
> checking for gcc option to accept ISO C89... none needed
> checking for style of include used by make... GNU
> checking dependency style of gcc... gcc3
> checking build system type... x86_64-unknown-linux-gnu
> checking host system type... x86_64-unknown-linux-gnu
> checking how to print strings... printf
> checking for a sed that does not truncate output... /bin/sed
> checking for grep that handles long lines and -e... /bin/grep
> checking for egrep... /bin/grep -E
> checking for fgrep... /bin/grep -F
> checking for ld used by gcc... /usr/bin/ld
> checking if the linker (/usr/bin/ld) is GNU ld... yes
> checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
> checking the name lister (/usr/bin/nm -B) interface... BSD nm
> checking whether ln -s works... yes
> checking the maximum length of command line arguments... 1966080
> checking whether the shell understands some XSI constructs... yes
> checking whether the shell understands "+="... yes
> checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
> checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
> checking for /usr/bin/ld option to reload object files... -r
> checking for objdump... objdump
> checking how to recognize dependent libraries... pass_all
> checking for dlltool... no
> checking how to associate runtime and link libraries... printf %s\n
> checking for ar... ar
> checking for archiver @FILE support... @
> checking for strip... strip
> checking for ranlib... ranlib
> checking command to parse /usr/bin/nm -B output from gcc object... ok
> checking for sysroot... no
> checking for mt... no
> checking if : is a manifest tool... no
> checking how to run the C preprocessor... gcc -E
> checking for ANSI C header files... yes
> checking for sys/types.h... yes
> checking for sys/stat.h... yes
> checking for stdlib.h... yes
> checking for string.h... yes
> checking for memory.h... yes
> checking for strings.h... yes
> checking for inttypes.h... yes
> checking for stdint.h... yes
> checking for unistd.h... yes
> checking for dlfcn.h... yes
> checking for objdir... .libs
> checking if gcc supports -fno-rtti -fno-exceptions... no
> checking for gcc option to produce PIC... -fPIC -DPIC
> checking if gcc PIC flag -fPIC -DPIC works... yes
> checking if gcc static flag -static works... no
> checking if gcc supports -c -o file.o... yes
> checking if gcc supports -c -o file.o... (cached) yes
> checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
> checking whether -lc should be explicitly linked in... no
> checking dynamic linker characteristics... GNU/Linux ld.so
> checking how to hardcode library paths into programs... immediate
> checking whether stripping libraries is possible... yes
> checking if libtool supports shared libraries... yes
> checking whether to build shared libraries... yes
> checking whether to build static libraries... yes
> checking for visibility support... yes
> checking CFLAGS for gcc -Wall... -Wall
> checking CFLAGS for gcc -Wwrite-strings... -Wwrite-strings
> checking CFLAGS for gcc -Wsign-compare... -Wsign-compare
> checking CFLAGS for gcc -Wcast-align... -Wcast-align
> checking CFLAGS for gcc -Wextra... -Wextra
> checking CFLAGS for gcc -Wformat... -Wformat
> checking CFLAGS for gcc -Wformat-security... -Wformat-security
> checking CFLAGS for gcc -Wno-unused-parameter... -Wno-unused-parameter
> checking CFLAGS for gcc -fno-strict-aliasing... -fno-strict-aliasing
> checking CFLAGS for gcc -fdiagnostics-show-option... -fdiagnostics-show-option
> checking CFLAGS for gcc -pedantic -std=c99 -D_GNU_SOURCE... -pedantic -std=c99 -D_GNU_SOURCE
> checking for getaddrinfo... yes
> checking for flex... flex
> checking for flex 2.4 or higher... yes
> checking for bison... bison
> checking linux/if_ether.h usability... yes
> checking linux/if_ether.h presence... yes
> checking for linux/if_ether.h... yes
> checking linux/if_packet.h usability... yes
> checking linux/if_packet.h presence... yes
> checking for linux/if_packet.h... yes
> checking pcap.h usability... yes
> checking pcap.h presence... yes
> checking for pcap.h... yes
> checking for pcap_lib_version in -lpcap... yes
> checking netinet/in.h usability... yes
> checking netinet/in.h presence... yes
> checking for netinet/in.h... yes
> checking libipq.h usability... no
> checking libipq.h presence... no
> checking for libipq.h... no
> checking for linux/netfilter.h... yes
> checking for netinet/in.h... (cached) yes
> checking libnetfilter_queue/libnetfilter_queue.h usability... no
> checking libnetfilter_queue/libnetfilter_queue.h presence... no
> checking for libnetfilter_queue/libnetfilter_queue.h... no
> checking for linux/netfilter.h... (cached) yes
> checking for pcap.h... (cached) yes
> checking for pcap_lib_version... checking for pcap_lib_version in -lpcap... (cached) yes
> checking for libpcap version >= "1.0.0"... yes
> checking for dlopen in -ldl... yes
> checking for inttypes.h... (cached) yes
> checking for memory.h... (cached) yes
> checking netdb.h usability... yes
> checking netdb.h presence... yes
> checking for netdb.h... yes
> checking for netinet/in.h... (cached) yes
> checking for stdint.h... (cached) yes
> checking for stdlib.h... (cached) yes
> checking for string.h... (cached) yes
> checking sys/ioctl.h usability... yes
> checking sys/ioctl.h presence... yes
> checking for sys/ioctl.h... yes
> checking sys/param.h usability... yes
> checking sys/param.h presence... yes
> checking for sys/param.h... yes
> checking sys/socket.h usability... yes
> checking sys/socket.h presence... yes
> checking for sys/socket.h... yes
> checking sys/time.h usability... yes
> checking sys/time.h presence... yes
> checking for sys/time.h... yes
> checking for unistd.h... (cached) yes
> checking for inline... inline
> checking for size_t... yes
> checking for uint16_t... yes
> checking for uint32_t... yes
> checking for uint64_t... yes
> checking for uint8_t... yes
> checking for stdlib.h... (cached) yes
> checking for GNU libc compatible malloc... yes
> checking for stdlib.h... (cached) yes
> checking for unistd.h... (cached) yes
> checking for sys/param.h... (cached) yes
> checking for getpagesize... yes
> checking for working mmap... yes
> checking for gethostbyname... yes
> checking for getpagesize... (cached) yes
> checking for memset... yes
> checking for munmap... yes
> checking for socket... yes
> checking for strchr... yes
> checking for strcspn... yes
> checking for strdup... yes
> checking for strerror... yes
> checking for strrchr... yes
> checking for strstr... yes
> checking for strtoul... yes
> configure: creating ./config.status
> config.status: creating Makefile
> config.status: creating api/Makefile
> config.status: creating os-daq-modules/Makefile
> config.status: creating os-daq-modules/daq-modules-config
> config.status: creating sfbpf/Makefile
> config.status: creating config.h
> config.status: config.h is unchanged
> config.status: executing depfiles commands
> config.status: executing libtool commands
>
> Build AFPacket DAQ module.. : yes
> Build Dump DAQ module...... : yes
> Build IPFW DAQ module...... : yes
> Build IPQ DAQ module....... : no
> Build NFQ DAQ module....... : no
> Build PCAP DAQ module...... : yes
>
> Thanks in advance,
>
> SK