RE: Problem with Snort 2.0.0 and MySQL Client with Redhat 9

[Elvira_Byrnes () mobileinnovations com au]

Hi Mike

Thanks a lot for your instructions. I e-mailed them home to have a good look
tonite after work. But I have something to boast!!!

I got my Snort to work on the upgraded (work) machine!!! I wanted to make 3
snort instances on 3 network cards (the 4th one will be for connectivity).
Basically I copied the binaries and rules files into my /sotware directory,
untarred it in there so I had snort-1.9.1 and snort-2.0.0 directories. I
removed the old snort file from /etc/init.d and removed the snort.conf.
Instead I put the new versions that came with snort 2.0.0. Then I configured
them for mysql and with the path for the rules. It didn't seem to work. So I
decided to delete the 3 databases (border, dmz, lan) that the previous
create_mysql created, as I thougt snort 2.0.0 had a different one (have 3
instanced of Acid running). Then I re-created these databases and ran
create_mysql on them to create new tables. I am not sure at this stage if
they are anything different from what they were. I restarted the computer,
plugged one interface at a time into the lan just to test and every
interface worked, it logged things to its own database, and I could see it
all on Snort. For the test purposes I added a few rules into local.rules
(they were any any tcp, updp, icmp, ip). Then ran a GFI Lan Scan. I got lots
of data.

The only weird leftover I have from the upgrade (that I know of) is that I
can't run mysql or mysql -p commands unless I manually each time add
PATH=$PATH:usr/local/mysql/bin if I reboot my machine. I have these
/usr/local/mysql/lib/mysql and /usr/local/lib in /etc/ld.so.conf, and I ran
ldconfig, but when I echo $PATH these lines don't come up on the path until
I add them manually. I am wondering if this is a glitch in RedHat 9.0?

I am sure that RedHat 9.0 has a glitch for PHP. As PHP wouldn't run on my
home 9.0 that was freshly installed not upgraded like my machine at work.
PHP works fine on the upgraded machine. Very weird....

Last night I reinstalled 8.0 version on the home machine and tonite I am
going to install snort 2.0 on it to see if there is a PHP problem. I don't
think there will be.

I used the guide by Patrick Harper "Snort 1.9.1, Apache 1.3.27, PHP 4.3.1,
MySQL 3.23.55 and Acid 0.9.6b23 install on RedHat 8.0". It is a brilliant
guide. It was e-mailed to snort-users some time ago.





-----Original Message-----
From: Mike Chandler [mailto:mchandl12000 () yahoo com]
Sent: Friday, 18 April 2003 5:51 AM
To: Elvira_Byrnes () mobileinnovations com au;
snort-users () lists sourceforge net
Subject: RE: [Snort-users] Problem with Snort 2.0.0 and MySQL Client
with Redhat 9


Sorry Elvira, I missed your query on how I installed
Snort 2.0.0.  I installed Redhat 9.0, then installed
mysql 3.23.53a, from rpm's the same way I did it for
RH 8.0.  Then I downloaded the tar file for Snort
2.0.0 and put it in a new directory named
Snort-Install.  Then I used tar zxvf
Snort-2.0.0.tar.gz and then cd'd to the Snort-2.0.0
directory.  I used ./configure --prefix=/usr
--with-mysql=/usr.  Then did a make and a make
install.  I am pretty sure that I had to copy the
snort.conf and rules files from the
/Snort-Install/Snort-2.0.0/etc directory intall my
/etc/snort directory and I had to copy the new snort
binary to /usr/sbin directory.  Then I started Snort
with "snort -v -c /etc/snort/snort.conf" and got the
error message.  If I reconfigured snort with
"./configure --prefix=/usr" and left out the
"--with-mysql=/usr" snort ran fine.  I'm not positive
but I'm pretty sure I had previously installed snort
1.9.1 on RH 9.0 and everything worked.  One caveat on
this is that ther are a few steps I left out like
creating the snort database in mysql and building the
tables but I expect you are familiar with that.  One
of the best writeups I have seen for snort on Redhat
is the Snort install Manual for Snort, Mysql, and Acid
on Redhat 7.3 on the Snort website.
--- Elvira_Byrnes () mobileinnovations com au wrote:
> Hi Mike
>
> I used to have RedHat 8.0 with MySQL 4.0.12 and some
> glibc. After a couple
> of months I finally got Snort 1.9.1 to work and
> realized there is RH9.0 and
> Snort 2.0. I upgraded 8.0 to 9.0 and my Snort still
> works. And the system
> shows that I still have the same  MySQL version and
> it shows glibc as 2.3.2.
> I am about to try and upgrade Snort to 2.0 now. I
> will see what errors I
> will get.
>
> How did you go about upgrading Snort to 2.0?
>
> Thanks.
>
> Regards
>
> Elvira
>
> -----Original Message-----
> From: Mike Chandler [mailto:mchandl12000 () yahoo com]
> Sent: Wednesday, 16 April 2003 3:25 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Problem with Snort 2.0.0 and
> MySQL Client with
> Redhat 9
>
>
> I upgraded to Snort 2.0.0 compiling with
> --with-mysql
> flag and everything worked fine.  Snort could
> connect
> to MySQL.  Then I decided to complete the upgrade
> and
> went to redhat 9.0 with MySQL 3.23.53a and
> reinstalled
> Snort 2.0.0, compiling with --with--mysql flag.  I
> get
> an error like the one below.
> *******************************************
> root@Laptop root]# snort -v
> snort: relocation error:
> /usr/lib/libmysqlclient.so.10: symbol errno, version
> GLIBC_2.0 not defined in file libc.so.6 with link
> time
> reference
> *******************************************
> Apparently Redhat 9.0 uses glibc 2.3.2.
>
> Using MySQL 4.x doesn't seem to be an option
>
> Does anyone have a clue on how I can fix this?
>
> __________________________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo
> http://search.yahoo.com
-------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or
> unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> ******************** Confidentiality Statement
> *************************** 
>
> This message contains privileged and confidential
> information intended only
> for the use of the addressee named above.  If you
> are not the intended
> recipient of this message, you must not disseminate,
> copy or take any action
> in reliance on it.  If you have received this
> message in error, please
> delete it from your system and notify the sender
> immediately.  Any views
> expressed in this message are those of the
> individual sender, except where
> the sender specifically states them to be the view
> of the company.


__________________________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
http://search.yahoo.com


******************** Confidentiality Statement *************************** 

This message contains privileged and confidential information intended only
for the use of the addressee named above.  If you are not the intended
recipient of this message, you must not disseminate, copy or take any action
in reliance on it.  If you have received this message in error, please
delete it from your system and notify the sender immediately.  Any views
expressed in this message are those of the individual sender, except where
the sender specifically states them to be the view of the company.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users