Snort mailing list archives
Re: [Non-DoD Source] Re: Snort 2.9.8.0 no --enable-zlib option
From: "Gilbert, Sonia M CTR (US)" <sonia.m.gilbert.ctr () mail mil>
Date: Fri, 5 Feb 2016 04:07:52 +0000
Just wanted to give an update on this. I am trying to install snort properly and am getting multiple issues. One of the main issues is the install of pcre. When I install version 8.37 and then install snort, then issue snort -V, it is reflecting an older version of pcre than 8.37. I have found that the file pcre.h inside /usr/src/pcre-8.37 has the correct values. Inside the snort folder is a file that calls up pcre.h named sp_pcre.h. How do I get snort to recognize the correct install and how can I verify that it's using the correct one? Very green at all this and really appreciate any help you can provide.

[root@ etc]# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.8.0 GRE (Build 229)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.7.4
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.3

###partial output from "more /usr/src/pcre-8.37/pcre.h"

/* The current PCRE version information. */

#define PCRE_MAJOR          8
#define PCRE_MINOR          37
#define PCRE_PRERELEASE
#define PCRE_DATE           2015-04-28

###From sp_pcre

[root@ etc]# more /usr/src/snort-2.9.8.0/src/detection-plugins/sp_pcre.h
/*
** Copyright (C) 2003 Brian Caswell <bmc () snort org>
** Copyright (C) 2003 Michael J. Pomraning <mjp () securepipe com>
** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2003-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation.  You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

/*  I N C L U D E S  **********************************************************/

/*  D E F I N E S  ************************************************************/
#ifndef __SNORT_PCRE_H__
#define __SNORT_PCRE_H__

// low nibble must be same as HTTP_BUFFER_*
// see detection_util.h for enum
#define SNORT_PCRE_HTTP_URI         0x00001 // check URI buffers
#define SNORT_PCRE_HTTP_HEADER      0x00002 // Check HTTP header buffer
#define SNORT_PCRE_HTTP_BODY        0x00003 // Check HTTP body buffer
#define SNORT_PCRE_HTTP_METHOD      0x00004 // Check HTTP method buffer
#define SNORT_PCRE_HTTP_COOKIE      0x00005 // Check HTTP cookie buffer
#define SNORT_PCRE_HTTP_STAT_CODE   0x00006
#define SNORT_PCRE_HTTP_STAT_MSG    0x00007
#define SNORT_PCRE_HTTP_RAW_URI     0x00008
#define SNORT_PCRE_HTTP_RAW_HEADER  0x00009
#define SNORT_PCRE_HTTP_RAW_COOKIE  0x0000A
#define SNORT_PCRE_HTTP_BUFS        0x0000F

#define SNORT_PCRE_RELATIVE         0x00010 // relative to the end of the last match
#define SNORT_PCRE_INVERT           0x00020 // invert detect
#define SNORT_PCRE_RAWBYTES         0x00040 // Don't use decoded buffer (if available)
#define SNORT_PCRE_ANCHORED         0x00080
#define SNORT_OVERRIDE_MATCH_LIMIT  0x00100 // Override default limits on match & match recursion

void SetupPcre(void);

#include <pcre.h>
typedef struct _PcreData
{
    pcre *re;           /* compiled regex */
    pcre_extra *pe;     /* studied regex foo */
    int options;        /* sp_pcre specfic options (relative & inverse) */
    char *expression;
    uint32_t search_offset;
} PcreData;

Thank you,

Sonia Gilbert
Regional Cyber Center-Pacific, CTR
Defensive Cyber Operations Division
(808) 438-0513
NIPR: Sonia.m.gilbert.ctr () mail mil

-----Original Message-----
From: Gilbert, Sonia M CTR (US) [mailto:sonia.m.gilbert.ctr () mail mil]
Sent: Thursday, February 04, 2016 2:21 PM
To: Snort-users () lists sourceforge net
Subject: [Non-DoD Source] Re: [Snort-users] Snort 2.9.8.0 no --enable-zlib option

Sorry forgot to include capture:

Issued the configure:

./configure --with-libpcre-libraries=/usr/local/bin/pcre837/lib --with-libpcre-includes=/usr/local/bin/pcre837/include --enable-zlib --enable-gre --enable-mpls --disable-debug --enable-sourcefire --enable-ppm --disable-corefiles --enable-react --enable-flexresp3 --enable-large-pcap --enable-targetbased --enable-perfprofiling --enable-reload --disable-non-ether-decoders --enable-normalizer --enable-active-response

Abbreviated previous output:

config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
configure: WARNING: unrecognized options: --enable-zlib

Configure help does not have an option for it:

[root@SHAFM10ASWINT1 snort-2.9.8.0]# ./configure -help
`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking ...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc.  You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --sbindir=DIR           system admin executables [EPREFIX/sbin]
  --libexecdir=DIR        program executables [EPREFIX/libexec]
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
  --infodir=DIR           info documentation [DATAROOTDIR/info]
  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
  --mandir=DIR            man documentation [DATAROOTDIR/man]
  --docdir=DIR            documentation root [DATAROOTDIR/doc/PACKAGE]
  --htmldir=DIR           html documentation [DOCDIR]
  --dvidir=DIR            dvi documentation [DOCDIR]
  --pdfdir=DIR            pdf documentation [DOCDIR]
  --psdir=DIR             ps documentation [DOCDIR]

Program names:
  --program-prefix=PREFIX            prepend PREFIX to installed program names
  --program-suffix=SUFFIX            append SUFFIX to installed program names
  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-silent-rules   less verbose build output (undo: "make V=1")
  --disable-silent-rules  verbose build output (undo: "make V=0")
  --enable-dependency-tracking
                          do not reject slow dependency extractors
  --disable-dependency-tracking
                          speeds up one-time build
  --enable-shared[=PKGS]  build shared libraries [default=yes]
  --enable-static[=PKGS]  build static libraries [default=yes]
  --enable-fast-install[=PKGS]
                          optimize for fast installation [default=yes]
  --disable-libtool-lock  avoid locking (might break parallel builds)
  --enable-64bit-gcc      Try to compile 64bit (only tested on Sparc Solaris 9 and 10).
  --enable-so-with-static-lib
                          Enable linking of dynamically loaded preprocessors with a static preprocessor library
  --enable-control-socket Enable the control socket
  --enable-side-channel   Enable the side channel (Experimental)
  --disable-static-daq    Link static DAQ modules.
  --enable-build-dynamic-examples
                          Enable building of example dynamically loaded preprocessor and rule (off by default)
  --disable-dlclose       Only use if you are developing dynamic preprocessors or shared object rules. Disable (--disable-dlclose) for testing valgrind leaks in dynamic libraries so a usable backtrace is reported. Enabled by default.
  --disable-lzma          Disable LZMA Decompression
  --disable-gre           Disable GRE and IP in IP encapsulation support
  --disable-mpls          Disable MPLS support
  --disable-targetbased   Disable Target-Based Support in Stream, Frag, and Rules (adds pthread support implicitly)
  --disable-ppm           Disable packet/rule performance monitor
  --disable-perfprofiling Disable preprocessor and rule performance profiling
  --enable-linux-smp-stats
                          Enable statistics reporting through proc
  --enable-inline-init-failopen
                          Enable Fail Open during initialization for Inline Mode (adds pthread support implicitly)
  --disable-pthread       Disable pthread support
  --enable-debug-msgs     Enable debug printing options (bugreports and developers only)
  --enable-debug          Enable debugging options (bugreports and developers only)
  --enable-gdb            Enable gdb debugging information
  --enable-profile        Enable profiling options (developers only)
  --enable-test-coverage  Enable gcov test coverage tracking (developers only)
  --disable-ppm-test      Disable packet/rule performance monitor
  --enable-sourcefire     Enable Sourcefire specific build options, encompasing --enable-perfprofiling and --enable-ppm
  --disable-corefiles     Prevent Snort from generating core files
  --disable-active-response
                          Disable reject injection
  --disable-normalizer    Disable packet/stream normalizations
  --disable-reload        Disable reloading a configuration without restarting
  --disable-reload-error-restart
                          Disable restarting on reload error
  --enable-ha             Enable high-availability state sharing (Experimental)
  --enable-non-ether-decoders
                          Enable non Ethernet decoders.
  --disable-react         Disable interception and termination of offending HTTP accesses
  --disable-flexresp3     Disable flexible responses (v3) on hostile connection attempts
  --enable-intel-soft-cpm Enable Intel Soft CPM support
  --enable-shared-rep     Enable use of Shared Memory for Reputation (Linux only)
  --enable-large-pcap     Enable support for pcaps larger than 2 GB
  --enable-file-inspect   Build with extended file inspection features. (Experimental)
  --enable-open-appid     Build with application id support. (Experimental)

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
                          both]
  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
  --with-sysroot=DIR      Search for dependent libraries within DIR
                          (or the compiler's sysroot if not specified).
  --with-libpcap-includes=DIR      libpcap include directory
  --with-libpcap-libraries=DIR     libpcap library directory
  --with-libpfring-includes=DIR    libpfring include directory
  --with-libpfring-libraries=DIR   libpfring library directory
  --with-daq-includes=DIR          DAQ include directory
  --with-daq-libraries=DIR         DAQ library directory
  --with-libpcre-includes=DIR      libpcre include directory
  --with-libpcre-libraries=DIR     libpcre library directory
  --with-openssl-includes=DIR      openssl include directory
  --with-openssl-libraries=DIR     openssl library directory
  --with-dnet-includes=DIR         libdnet include directory
  --with-dnet-libraries=DIR        libdnet library directory
  --with-lzma-includes=DIR         liblzma include directory
  --with-lzma-libraries=DIR        liblzma library directory
  --with-intel-soft-cpm-includes=DIR    Intel Soft CPM include directory
  --with-intel-soft-cpm-libraries=DIR   Intel Soft CPM library directory

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  LIBS        libraries to pass to the linker, e.g. -l<library>
  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
              you have headers in a nonstandard directory <include dir>
  CPP         C preprocessor
  SIGNAL_SNORT_RELOAD
              set the SIGNAL_SNORT_RELOAD value
  SIGNAL_SNORT_DUMP_STATS
              set the SIGNAL_SNORT_DUMP_STATS value
  SIGNAL_SNORT_ROTATE_STATS
              set the SIGNAL_SNORT_ROTATE_STATS value
  SIGNAL_SNORT_READ_ATTR_TBL
              set the SIGNAL_SNORT_READ_ATTR_TBL value
  PKG_CONFIG  path to pkg-config utility
  PKG_CONFIG_PATH
              directories to add to pkg-config's search path
  PKG_CONFIG_LIBDIR
              path overriding pkg-config's built-in search path
  luajit_CFLAGS
              C compiler flags for luajit, overriding pkg-config
  luajit_LIBS linker flags for luajit, overriding pkg-config

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.

Report bugs to the package provider.
[root@SHAFM10ASWINT1 snort-2.9.8.0]#

-----Original Message-----
From: Gilbert, Sonia M CTR (US)
Sent: Thursday, February 04, 2016 2:17 PM
To: 'Snort-users () lists sourceforge net' <Snort-users () lists sourceforge net>
Subject: Snort 2.9.8.0 no --enable-zlib option

Dear Snort Community,

I am trying to install Snort 2.9.8.0 and get the following warning:

configure: WARNING: unrecognized options: --enable-zlib

Was zlib replaced by utility?

Sonia Gilbert
Regional Cyber Center-Pacific, CTR
Defensive Cyber Operations Division
(808) 438-0513
NIPR: Sonia.m.gilbert.ctr () mail mil
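
One way to run the check asked about in the message above, as an added example that is not part of the original message or of the Snort distribution: the functions read PCRE_MAJOR/PCRE_MINOR from a pcre.h file and compare them with the "Using PCRE version:" line of the `snort -V` banner. The function names are made up for this example; the paths in the comments are the ones quoted in the message.

```shell
#!/bin/sh
# Added example: does the PCRE version a Snort binary reports match a given pcre.h?

# Print MAJOR.MINOR taken from the PCRE_MAJOR / PCRE_MINOR defines of a pcre.h file.
pcre_header_version() {
    awk '$1 == "#define" && $2 == "PCRE_MAJOR" { maj = $3 }
         $1 == "#define" && $2 == "PCRE_MINOR" { min = $3 }
         END { if (maj == "" || min == "") exit 1; print maj "." min }' "$1"
}

# Read `snort -V` banner text on stdin, print the version on its PCRE line.
pcre_runtime_version() {
    sed -n 's/^.*Using PCRE version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# compare_pcre HEADER_FILE BANNER_TEXT
# Prints one verdict line; returns 0 on match, 1 on mismatch, 2 on parse error.
compare_pcre() {
    hdr=$(pcre_header_version "$1") || { echo "ERROR no version in $1"; return 2; }
    run=$(printf '%s\n' "$2" | pcre_runtime_version)
    [ -n "$run" ] || { echo "ERROR no PCRE line in banner"; return 2; }
    if [ "$hdr" = "$run" ]; then
        echo "MATCH $hdr"
    else
        echo "MISMATCH header=$hdr runtime=$run"
        return 1
    fi
}

# Live use on the build host (banner captured from both output streams):
#   compare_pcre /usr/src/pcre-8.37/pcre.h "$(snort -V 2>&1)"
# If snort links libpcre dynamically, this shows which library file is loaded:
#   ldd "$(command -v snort)" | grep -i pcre
```

A MISMATCH verdict means the libpcre the binary uses at run time is not the one that header belongs to; the `ldd` line shows which libpcre file that is.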
Current thread:
- Snort 2.9.8.0 no --enable-zlib option Gilbert, Sonia M CTR (US) (Feb 04)
- <Possible follow-ups>
- Re: Snort 2.9.8.0 no --enable-zlib option Gilbert, Sonia M CTR (US) (Feb 04)
- Re: [Non-DoD Source] Re: Snort 2.9.8.0 no --enable-zlib option Gilbert, Sonia M CTR (US) (Feb 04)
- Re: Snort 2.9.8.0 no --enable-zlib option Ed Borgoyn (eborgoyn) (Feb 05)