Snort mailing list archives
Re: Gentoo Linux Snort Users
From: Jason Wallace <jason.r.wallace () gmail com>
Date: Thu, 24 Feb 2011 16:34:07 -0500
Billy,

"as the patch fails when emerging the new ebuild" which patch are you referring to?

/usr/lib64/dynamicrules is empty because the so_rules are not shipped with the snort package. That directory is the drop zone for the SO rules you should pull with pulledpork.

Wally

On Thu, Feb 24, 2011 at 4:19 PM, NA <dustypath () comcast net> wrote:

Thank you very much for your work, I was just lamenting this morning over a new install of 2.9.03 that FPs all over the place compared to 2.9.0.4!

I am having trouble though as the patch fails when emerging the new ebuild. I was having trouble with dynamic detection already, the directory /usr/lib64/dynamicrules is empty and attempts to build the so_rules fail with a segfault (probably because of the empty directory, nothing to work on).

I will post a bug report at bug.gentoo.org unless you have any insight that this is my screw up!

Thanks again
Bill B

Howdy!

Just wanted to give an update on the current Snort ebuild and the ebuilds for some snort related packages.

Snort-2.9.0.4

This was committed to portage this afternoon, so it should hit the mirror near you in the next 24-48 hrs. The ebuild was delayed due to a bug we found when trying to compile with the dynamicplugins USE flag disabled. The Sourcefire folks provided a patch for this.

The ebuild is currently stable for amd64 and unstable for x86. The unstable is due to the prelude package being unstable. I'm considering yanking support for Prelude from the ebuild. This is something that should be handled by Barnyard2 anyways. If you are violently opposed to dropping Prelude support, then shoot me an email.

Also, I will likely drop the ipv6 USE flag in the next version and hard code in ipv6 support. This is due to the difference between ipv4 and ipv6 and how that affects ipvar/portvar and var.

I've gotten a number of emails from Gentoo folks looking for config.log and build.log when working bugs with SF. Since the build environment gets cleaned up after the package is installed these were not available. With the 2.9.0.4 ebuild you can now find both of these files in the "support" directory in the package's doc directory.

daq-0.5

This ebuild is currently stable for amd64 and unstable for x86. This will likely stabilize when Snort does. This version does not have the buffer_size_mb fix in it. I'll roll an -r1 version to include this fix some time soon.

Barnyard2-1.9

This ebuild is marked unstable for both amd64 and x86. The ebuild is fairly new, that is why it is not stabilized yet. There are some issues with this ebuild. It currently only supports the database output plugins and those plugins that get compiled by default. There is no ipv6 support. Barnyard2 currently does not compile with --enable-ipv6. I've bugged this upstream.

The above are all in the main portage tree. The following packages have been committed to the Sunrise Overlay (http://overlays.gentoo.org/proj/sunrise). I'm working with the devs to get these into the main distro tree, but they live in Sunrise for now.

Pulledpork-0.5

No known issues.

daemonlogger-1.2.1

No known issues. Supports both tap and logging mode in the init scripts.

hogger-2.1

No known issues.

If you want to help out with any of these packages or you just want access to them before they are committed to the trees, you can add my Github repository as an overlay https://github.com/wally3514/Gentoo. This is a development space so YMMV.

thx,
Wally

------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Gentoo Linux Snort Users Jason Wallace (Feb 24)
- Re: Gentoo Linux Snort Users Nigel Houghton (Feb 24)
- Re: Gentoo Linux Snort Users NA (Feb 24)
- Re: Gentoo Linux Snort Users Jason Wallace (Feb 24)
- Re: Gentoo Linux Snort Users Jason Wallace (Feb 24)
- Re: Gentoo Linux Snort Users NA (Feb 24)
- Re: Gentoo Linux Snort Users Jason Wallace (Feb 24)
- Re: Gentoo Linux Snort Users Jason Wallace (Feb 24)
- Re: Gentoo Linux Snort Users NA (Feb 24)
- Re: Gentoo Linux Snort Users Jason Wallace (Feb 24)
- Re: Gentoo Linux Snort Users Jason Wallace (Feb 25)