Snort mailing list archives

Re: Snortsam with snort

From: quocviet nguyen <nguyenquocviet.2010 () gmail com>
Date: Mon, 4 Nov 2013 10:38:25 +0700

hi Luis Daniel,

I see, snortsam-plugin on Barnyard2 , I have installed barnyard2-1.9, it
works fine and great ! , but it don't support snortsam-plugin. So I
upgrade Barnyard2
- version 2-1.10 , i compile source with command:


./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql

great, there weren't error. Then I type command : make

unfortunately, I get this error:

/export/home/pb2/build/sb_0-3159149-1301581932.71/rpm/BUILD/mysql-5.5.11/mysql-5.5.11/sql-common/client_plugin.c:178:
undefined reference to `dlclose'
/usr/lib64/mysql/libmysqlclient.a(client_plugin.c.o): In function
`mysql_client_plugin_deinit':
/export/home/pb2/build/sb_0-3159149-1301581932.71/rpm/BUILD/mysql-5.5.11/mysql-5.5.11/sql-common/client_plugin.c:275:
undefined reference to `dlclose'
/usr/lib64/mysql/libmysqlclient.a(client_plugin.c.o): In function
`mysql_load_plugin_v':
/export/home/pb2/build/sb_0-3159149-1301581932.71/rpm/BUILD/mysql-5.5.11/mysql-5.5.11/sql-common/client_plugin.c:349:
undefined reference to `dlopen'
/export/home/pb2/build/sb_0-3159149-1301581932.71/rpm/BUILD/mysql-5.5.11/mysql-5.5.11/sql-common/client_plugin.c:377:
undefined reference to `dlsym'
/export/home/pb2/build/sb_0-3159149-1301581932.71/rpm/BUILD/mysql-5.5.11/mysql-5.5.11/sql-common/client_plugin.c:369:
undefined reference to `dlerror'
/export/home/pb2/build/sb_0-3159149-1301581932.71/rpm/BUILD/mysql-5.5.11/mysql-5.5.11/sql-common/client_plugin.c:380:
undefined reference to `dlclose'
collect2: ld returned 1 exit status
make[3]: *** [barnyard2] Error 1
make[3]: Leaving directory `/[source-install]/barnyard2-stable/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/[source-install]/barnyard2-stable/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/[source-install]/barnyard2-stable'
make: *** [all] Error 2


I goooled to solve this problem but unsuccess, could you give me
recommendation?

thanks.



On Mon, Nov 4, 2013 at 1:40 AM, Luis Daniel Lucio Quiroz <
luis.daniel.lucio () gmail com> wrote:

I have been maintaining snortsam patch for a little while, please
check Mageia3 and mageia4 (beta) sRPm so you get an idea of process,

2013/11/3 quocviet nguyen <nguyenquocviet.2010 () gmail com>:

hi all,

I have installed Snort Version 2.9.4.6 GRE (Build 73) on Centos 5.5,
everything works ok.

I try to install snortsam, I follow this tutorial :
http://doc.emergingthreats.net/bin/view/Main/SnortSamINSTALL


I have installed snortsam and then snortsam-pluin for firewall iptables,

download snortsam-patch-2.8.tar.gz to patch [source install snort ] but
unsuccess , finally i decide patch version snortsam-2.9.5.3-2.diff.gz ,

but

still unsuccess.

I try to recompile source snort
#  ./configure --enable-dynamicplugin --enable-react --enable-flexresp3
--with-libpcap-includes=/usr/local/lib

and

# make

I receive this error :

spo_alert_fwsam.c:115: error: expected â=â, â,â, â;â, âasmâ or
â__attribute__â before âpvâ
spo_alert_fwsam.c: In function âAlertFWsamSetupâ:
spo_alert_fwsam.c:143: error: âNT_OUTPUT_ALERTâ undeclared (first use in
this function)
spo_alert_fwsam.c:143: error: (Each undeclared identifier is reported

only

once
spo_alert_fwsam.c:143: error: for each function it appears in.)
spo_alert_fwsam.c:143: warning: passing argument 3 of

âRegisterOutputPluginâ

from incompatible pointer type
spo_alert_fwsam.c:144: warning: implicit declaration of function
âRegisterPluginâ
spo_alert_fwsam.c: In function âAlertFWsamInitâ:
spo_alert_fwsam.c:197: error: âpvâ undeclared (first use in this

function)

spo_alert_fwsam.c:253: warning: pointer targets in assignment differ in
signedness
spo_alert_fwsam.c:393: error: âNT_OUTPUT_ALERTâ undeclared (first use in
this function)
spo_alert_fwsam.c:395: warning: implicit declaration of function
âAddFuncToRestartListâ
spo_alert_fwsam.c: In function âFWsamNewStationKeyâ:
spo_alert_fwsam.c:663: warning: pointer targets in passing argument 1 of
â__builtin_strncpyâ differ in signedness
spo_alert_fwsam.c:679: warning: pointer targets in passing argument 2 of
âstrcpyâ differ in signedness
spo_alert_fwsam.c:681: warning: pointer targets in passing argument 1 of
âTwoFishInitâ differ in signedness
spo_alert_fwsam.c: In function âAlertFWsamâ:
spo_alert_fwsam.c:836: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:905: warning: passing argument 2 of âTwoFishEncryptâ

from

incompatible pointer type
spo_alert_fwsam.c:908: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:930: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:939: warning: pointer targets in assignment differ in
signedness
spo_alert_fwsam.c:940: warning: pointer targets in passing argument 1 of
âTwoFishDecryptâ differ in signedness
spo_alert_fwsam.c:940: warning: passing argument 2 of âTwoFishDecryptâ

from

incompatible pointer type
spo_alert_fwsam.c:946: warning: pointer targets in passing argument 1 of
âTwoFishDecryptâ differ in signedness
spo_alert_fwsam.c:946: warning: passing argument 2 of âTwoFishDecryptâ

from

incompatible pointer type
spo_alert_fwsam.c:973: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:978: warning: pointer targets in assignment differ in
signedness
spo_alert_fwsam.c:979: warning: pointer targets in passing argument 1 of
âTwoFishDecryptâ differ in signedness
spo_alert_fwsam.c:979: warning: passing argument 2 of âTwoFishDecryptâ

from

incompatible pointer type
spo_alert_fwsam.c:985: warning: pointer targets in passing argument 1 of
âTwoFishDecryptâ differ in signedness
spo_alert_fwsam.c:985: warning: passing argument 2 of âTwoFishDecryptâ

from

incompatible pointer type
spo_alert_fwsam.c:999: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1004: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1009: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1042: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1047: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1052: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1062: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1072: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c: In function âFWsamCheckOutâ:
spo_alert_fwsam.c:1121: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1141: warning: passing argument 2 of âTwoFishEncryptâ

from

incompatible pointer type
spo_alert_fwsam.c:1156: warning: pointer targets in assignment differ in
signedness
spo_alert_fwsam.c:1157: warning: pointer targets in passing argument 1 of
âTwoFishDecryptâ differ in signedness
spo_alert_fwsam.c:1157: warning: passing argument 2 of âTwoFishDecryptâ

from

incompatible pointer type
spo_alert_fwsam.c:1163: warning: pointer targets in passing argument 1 of
âTwoFishDecryptâ differ in signedness
spo_alert_fwsam.c:1163: warning: passing argument 2 of âTwoFishDecryptâ

from

incompatible pointer type
spo_alert_fwsam.c:1177: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c: In function âFWsamCheckInâ:
spo_alert_fwsam.c:1256: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1258: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1274: warning: passing argument 2 of âTwoFishEncryptâ

from

incompatible pointer type
spo_alert_fwsam.c:1276: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1290: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1292: warning: pointer targets in assignment differ in
signedness
spo_alert_fwsam.c:1293: warning: pointer targets in passing argument 1 of
âTwoFishDecryptâ differ in signedness
spo_alert_fwsam.c:1293: warning: passing argument 2 of âTwoFishDecryptâ

from

incompatible pointer type
spo_alert_fwsam.c:1320: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1325: error: incompatible type for argument 1 of
âsfip_to_strâ
spo_alert_fwsam.c:1330: error: incompatible type for argument 1 of
âsfip_to_strâ
make[3]: *** [spo_alert_fwsam.o] Error 1
make[3]: Leaving directory
`/usr/nqviet/snort/snort-2.9.4.6/src/output-plugins'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/nqviet/snort/snort-2.9.4.6/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/nqviet/snort/snort-2.9.4.6'
make: *** [all] Error 2


Can you help me?

thanks.

--
viet

------------------------------------------------------------------------------

Android is increasing in popularity, but the open development platform

that

developers love is also attractive to malware creators. Download this

white

paper to learn more about secure code signing practices that can help

keep

Android apps secure.

http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest

Snort

news!




-- 
viet

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snortsam with snort quocviet nguyen (Nov 03)
- Re: Snortsam with snort Luis Daniel Lucio Quiroz (Nov 03)
  - Re: Snortsam with snort quocviet nguyen (Nov 03)
    - Re: Snortsam with snort quocviet nguyen (Nov 04)