Snort mailing list archives
RE: Problem with Snort 2.0.0 and MySQL Client with Redhat 9
From: Elvira_Byrnes () mobileinnovations com au
Date: Wed, 23 Apr 2003 15:37:33 +1000
Hi Mike Thanks a lot for your instructions. I e-mailed them home to have a good look tonite after work. But I have something to boast!!! I got my Snort to work on the upgraded (work) machine!!! I wanted to make 3 snort instances on 3 network cards (the 4th one will be for connectivity). Basically I copied the binaries and rules files into my /sotware directory, untarred it in there so I had snort-1.9.1 and snort-2.0.0 directories. I removed the old snort file from /etc/init.d and removed the snort.conf. Instead I put the new versions that came with snort 2.0.0. Then I configured them for mysql and with the path for the rules. It didn't seem to work. So I decided to delete the 3 databases (border, dmz, lan) that the previous create_mysql created, as I thougt snort 2.0.0 had a different one (have 3 instanced of Acid running). Then I re-created these databases and ran create_mysql on them to create new tables. I am not sure at this stage if they are anything different from what they were. I restarted the computer, plugged one interface at a time into the lan just to test and every interface worked, it logged things to its own database, and I could see it all on Snort. For the test purposes I added a few rules into local.rules (they were any any tcp, updp, icmp, ip). Then ran a GFI Lan Scan. I got lots of data. The only weird leftover I have from the upgrade (that I know of) is that I can't run mysql or mysql -p commands unless I manually each time add PATH=$PATH:usr/local/mysql/bin if I reboot my machine. I have these /usr/local/mysql/lib/mysql and /usr/local/lib in /etc/ld.so.conf, and I ran ldconfig, but when I echo $PATH these lines don't come up on the path until I add them manually. I am wondering if this is a glitch in RedHat 9.0? I am sure that RedHat 9.0 has a glitch for PHP. As PHP wouldn't run on my home 9.0 that was freshly installed not upgraded like my machine at work. PHP works fine on the upgraded machine. Very weird.... Last night I reinstalled 8.0 version on the home machine and tonite I am going to install snort 2.0 on it to see if there is a PHP problem. I don't think there will be. I used the guide by Patrick Harper "Snort 1.9.1, Apache 1.3.27, PHP 4.3.1, MySQL 3.23.55 and Acid 0.9.6b23 install on RedHat 8.0". It is a brilliant guide. It was e-mailed to snort-users some time ago. -----Original Message----- From: Mike Chandler [mailto:mchandl12000 () yahoo com] Sent: Friday, 18 April 2003 5:51 AM To: Elvira_Byrnes () mobileinnovations com au; snort-users () lists sourceforge net Subject: RE: [Snort-users] Problem with Snort 2.0.0 and MySQL Client with Redhat 9 Sorry Elvira, I missed your query on how I installed Snort 2.0.0. I installed Redhat 9.0, then installed mysql 3.23.53a, from rpm's the same way I did it for RH 8.0. Then I downloaded the tar file for Snort 2.0.0 and put it in a new directory named Snort-Install. Then I used tar zxvf Snort-2.0.0.tar.gz and then cd'd to the Snort-2.0.0 directory. I used ./configure --prefix=/usr --with-mysql=/usr. Then did a make and a make install. I am pretty sure that I had to copy the snort.conf and rules files from the /Snort-Install/Snort-2.0.0/etc directory intall my /etc/snort directory and I had to copy the new snort binary to /usr/sbin directory. Then I started Snort with "snort -v -c /etc/snort/snort.conf" and got the error message. If I reconfigured snort with "./configure --prefix=/usr" and left out the "--with-mysql=/usr" snort ran fine. I'm not positive but I'm pretty sure I had previously installed snort 1.9.1 on RH 9.0 and everything worked. One caveat on this is that ther are a few steps I left out like creating the snort database in mysql and building the tables but I expect you are familiar with that. One of the best writeups I have seen for snort on Redhat is the Snort install Manual for Snort, Mysql, and Acid on Redhat 7.3 on the Snort website. --- Elvira_Byrnes () mobileinnovations com au wrote:
Hi Mike I used to have RedHat 8.0 with MySQL 4.0.12 and some glibc. After a couple of months I finally got Snort 1.9.1 to work and realized there is RH9.0 and Snort 2.0. I upgraded 8.0 to 9.0 and my Snort still works. And the system shows that I still have the same MySQL version and it shows glibc as 2.3.2. I am about to try and upgrade Snort to 2.0 now. I will see what errors I will get. How did you go about upgrading Snort to 2.0? Thanks. Regards Elvira -----Original Message----- From: Mike Chandler [mailto:mchandl12000 () yahoo com] Sent: Wednesday, 16 April 2003 3:25 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Problem with Snort 2.0.0 and MySQL Client with Redhat 9 I upgraded to Snort 2.0.0 compiling with --with-mysql flag and everything worked fine. Snort could connect to MySQL. Then I decided to complete the upgrade and went to redhat 9.0 with MySQL 3.23.53a and reinstalled Snort 2.0.0, compiling with --with--mysql flag. I get an error like the one below. ******************************************* root@Laptop root]# snort -v snort: relocation error: /usr/lib/libmysqlclient.so.10: symbol errno, version GLIBC_2.0 not defined in file libc.so.6 with link time reference ******************************************* Apparently Redhat 9.0 uses glibc 2.3.2. Using MySQL 4.x doesn't seem to be an option Does anyone have a clue on how I can fix this? __________________________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo http://search.yahoo.com
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
******************** Confidentiality Statement *************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message, you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please delete it from your system and notify the sender immediately. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the view of the company.
__________________________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo http://search.yahoo.com ******************** Confidentiality Statement *************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message, you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please delete it from your system and notify the sender immediately. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the view of the company. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Problem with Snort 2.0.0 and MySQL Client with Redhat 9 Elvira_Byrnes (Apr 22)
- RE: Problem with Snort 2.0.0 and MySQL Client with Redhat 9 Patrick S. Harper (Apr 23)
- Fixed My Problems with Snort 2.0.0 and MySQL Client with Redhat 9 Mike Chandler (Apr 23)
- RE: Problem with Snort 2.0.0 and MySQL Client with Redhat 9 Patrick S. Harper (Apr 23)