Menu
▾
▴
[libidmef-users] Re: Snort with idmef support
|
From: Joe M. <jo...@Si...> - 2002-07-08 17:54:56
|
Hello Ricardo, Sorry for the message delay, I was on holiday this past week. Glad to hear you are interested in working with IDMEF. I think I know where the problem is. The current IDMEF plugin requires libidmef 0.6.3 and not 0.7.X. A newer version of the plugin that is compatible with libidmef 0.7.2 (with IDXP incorporated) is being developed, but has been delayed due to complications with IDXP. Ryan Ripken is heading that effort. He may be able to give you a better time frame then I. Please let us know if you run into further problems. Good luck! -Joe M. -- Joe McAlerney Silicon Defense: IDS Solutions Ricardo Lebre wrote: > > Hi Joe, my name is Ricardo. I'm sorry to bother you with such a small > matter question, but i'm having a problem compiling Sort with idmef > support. When I run configure: > > " ./configure --enable-idmef --enable-flexresp > --with-libxml2-includes=/usr/local/include/libxml2/ > --with-libntp-libraries=/usr/local/src/ntp-4.1.1a/" > > I get the following: > > " > checking for snprintf... yes > checking for strlcpy... no > checking for strlcat... no > checking for strerror... yes > checking for floor in -lm... yes > checking for pcap_datalink in -lpcap... yes > checking for gzopen in -lz... yes > checking for /usr/local/include/libxml2//libxml/tree.h... yes > checking for xmlNewNode in -lxml2... yes > checking for ntp source directory (includes and libraries)... yes > checking for /usr/local/include/libidmef/idmefxml.h... yes > checking for newIDMEF_Message in -lidmef... no > configure: error: libidmef library (idmef) not found in /usr/local/lib > " > > Although my /usr/local/lib's content is the following: > "/usr/local/lib/libidmef.a /usr/local/lib/libidmef.so > /usr/local/lib/libidmef.so.0.7.2 > /usr/local/lib/libidmef.la /usr/local/lib/libidmef.so.0" > > Is there anything i'm doing wrong. Any ideas would be appreciated... > > Just one other thing. I've read at Snort-users that you were working > with some people at Harvey Mudd to incorporate the IDXP transport > protocol in with the plugin. Are you still working on it? Do you have a > forecast when it will be ready? > > Thanks in advance, > > Ricardo Lebre > INESC-ID, GSD |
