Snort mailing list archives
Re: Error using latest ruleset with Snort++
From: Jim Campbell <jim () w4bqp net>
Date: Sat, 15 Jul 2017 12:04:15 -0400
Snort -V now shows Hyperscan 4.4.0. Thank you ever so much. Now, as Dietrich likes to say: Onward!
On 7/15/2017 10:54 AM, Russ wrote:
Yes, 4.4.0 is the minimum now, but luckily you don't need any of those other packages. However, you do need to patch hyperscan's build foo to get around sqlite3. Use the attached patch in your top-level hyperscan directory per the following and rebuild:

    patch -p1 < hs_no_sqlite3.diff

On 7/15/17 8:26 AM, Jim Campbell wrote:

Russ,

I found why Snort 3 isn't picking up hyperscan. Noah's cookbook for installing Snort 3 has me getting hyperscan 4.2.0 but Snort is checking to see if 4.4.0 is installed.

I attempted to install hyperscan 4.4.0 but CMake is looking for three prerequisites that I don't want to pursue now because it is past midnight. The three prereqs are Doxygen, Sphinx and sqlite3. CMake whined about the first two but absolutely refused to go on for lack of sqlite3. I'll try to fix after a night's sleep.

Jim

On 7/14/2017 5:16 PM, Russ wrote:

4. Your gid:138 rules are rejected by Snort 3 because you need hyperscan for sd_pattern. That is available for Intel platforms from https://github.com/01org/hyperscan.

--
"We are not human beings having a spiritual experience; we are spiritual beings having a human experience." ---Pierre Teilhard de Chardin

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!