Menu
▾
▴
snort-inline-users — The goal of this list is to help users debug/use snort_inline
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(15) |
Jun
(23) |
Jul
(54) |
Aug
(20) |
Sep
(18) |
Oct
(19) |
Nov
(36) |
Dec
(30) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
(48) |
Feb
(16) |
Mar
(36) |
Apr
(36) |
May
(45) |
Jun
(47) |
Jul
(93) |
Aug
(29) |
Sep
(28) |
Oct
(42) |
Nov
(45) |
Dec
(53) |
| 2005 |
Jan
(62) |
Feb
(51) |
Mar
(65) |
Apr
(28) |
May
(57) |
Jun
(23) |
Jul
(24) |
Aug
(72) |
Sep
(16) |
Oct
(53) |
Nov
(53) |
Dec
(3) |
| 2006 |
Jan
(56) |
Feb
(6) |
Mar
(15) |
Apr
(14) |
May
(35) |
Jun
(57) |
Jul
(35) |
Aug
(7) |
Sep
(22) |
Oct
(16) |
Nov
(18) |
Dec
(9) |
| 2007 |
Jan
(8) |
Feb
(3) |
Mar
(11) |
Apr
(35) |
May
(6) |
Jun
(10) |
Jul
(26) |
Aug
(4) |
Sep
|
Oct
(29) |
Nov
|
Dec
(7) |
| 2008 |
Jan
(1) |
Feb
(2) |
Mar
(2) |
Apr
(13) |
May
(8) |
Jun
(3) |
Jul
(19) |
Aug
(20) |
Sep
(6) |
Oct
(5) |
Nov
|
Dec
(4) |
| 2009 |
Jan
(1) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
(10) |
Jul
(2) |
Aug
(5) |
Sep
|
Oct
(1) |
Nov
|
Dec
(5) |
| 2010 |
Jan
(10) |
Feb
(10) |
Mar
(2) |
Apr
|
May
(7) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2011 |
Jan
|
Feb
(4) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2012 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2013 |
Jan
|
Feb
(2) |
Mar
(3) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Roland T. <raz...@co...> - 2003-07-28 09:50:15
|
josh wrote:
> When I send a message with the text "abcdefg" I see the dropped packet
> in /var/log/snort/alerts. The message though still gets sent with the
> "abcdefg" text in the message body. Messages with the "abcdefg" content
> in the body take several minutes to be sent while regular message are
> sent immidiately. I am running snort_inline-2.0.0-1. The mail server is
> Sendmail 8.12.9. Does anybody know why the message is being sent?
Post a trace of the actual traffic between the hosts in question.
('tethereal -i any -n -V tcp port 25' is particularly good for this.)
{{ My wild guess is that TCP is responding to your dropping a datagram
mid-stream by assuming packet loss in the network and trying to perform
PMTUD by reducing segment sizes until a segment boundary happens to
partition the match string. Do you have defragmentation and stream
re-assembly turned on? }}
- Raz
|
|
From: <sho...@ic...> - 2003-07-28 06:39:24
|
Hi, I would suggest using the flags rule option to filter all with the A+ on. try it. might just work. Shom Quoting Rob McMillen <rv...@ca...>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > hmm.. Looks like tcp is doing its job by resending packets that are lost > :(. Can you give additional information about your system? > > uname -a > snort_inline configuration > how are you sending packets to snort_inline > what other rules are you using > etc. > > Thanks, > > Rob > > On Sun, 27 Jul 2003, josh wrote: > > > Hi List, > > I want to drop all mail with a certain pattern of text, say "abcdefg". I > > am aware that this may not be the best way to filter mail, but for my > > purposes this is acceptable. I put the following rule in > /etc/snort/rules/local.rules > > > > drop tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"Spam mail"; > content:"abcdefg"; > > nocase; flow:to_server,established; classtype:misc-activity; rev:1 ;) > > > > (Note: the actual rule is one line) > > > > When I send a message with the text "abcdefg" I see the dropped packet > > in /var/log/snort/alerts. The message though still gets sent with the > > "abcdefg" text in the message body. Messages with the "abcdefg" content > > in the body take several minutes to be sent while regular message are > > sent immidiately. I am running snort_inline-2.0.0-1. The mail server is > > Sendmail 8.12.9. Does anybody know why the message is being sent? > > > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5.8 > Comment: Made with pgp4pine 1.76 > > iQA/AwUBPyQgufnAyY+9KLjdEQK21wCfRycao8S8rs2VDS35AFdKGXkgxtMAn3MD > Oqev0t4TH+EKCQlvvu2t8wQf > =tsbl > -----END PGP SIGNATURE----- > > > > > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are available now. > Download today and enter to win an XBOX or Visual Studio .NET. > http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > -- "This e-mail message may contain confidential, proprietary or legally privileged information. It should not be used by anyone who is not the original intended recipient. If you have erroneously received this message, please delete it immediately and notify the sender. The recipient acknowledges that ICICI Bank or its subsidiaries and associated companies, (collectively "ICICI Group"), are unable to exercise control or ensure or guarantee the integrity of/over the contents of the information contained in e-mail transmissions and further acknowledges that any views expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of ICICI Group.Before opening any attachments please check them for viruses and defects." |
|
From: Jed H. <je...@gr...> - 2003-07-28 04:33:13
|
I know of snort-inline being used with a large (carefully tuned) ruleset on a 1.2 ghz pentium 3 on a T-3 with a large number of concurrent users (maybe a couple thousand). It works very well there. That is the largest load I know of an inline snort box handling. I also know of inline snort being used in front of some very busy web servers with very little trouble. I have also experimented with 100 megabit loads, and it looked good, but the test was not true traffic. It will depend largely on how well your box is configured, how many rules of what sort, what sort of output logging you are doing, and how many users in/out of the network you will be handling. Lots of variables. Hope this is some help... Jed On Sunday, July 27, 2003, at 02:21 PM, Brian Toovey wrote: > Hey Rob (or anyone) > > Do you have any stats on inline's maximum throughput? I am sure > its > dependent upon how many rulesets you have, but I dont have a high > speed network to test on > > Brian > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> hmm.. Looks like tcp is doing its job by resending packets that are >> lost >> :(. Can you give additional information about your system? >> >> uname -a >> snort_inline configuration >> how are you sending packets to snort_inline >> what other rules are you using >> etc. >> >> Thanks, >> >> Rob >> >> On Sun, 27 Jul 2003, josh wrote: >> >>> Hi List, >>> I want to drop all mail with a certain pattern of text, say >>> "abcdefg". I >>> am aware that this may not be the best way to filter mail, but for my >>> purposes this is acceptable. I put the following rule in >>> /etc/snort/rules/local.rules >>> >>> drop tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"Spam mail"; >>> content:"abcdefg"; >>> nocase; flow:to_server,established; classtype:misc-activity; rev:1 ;) >>> >>> (Note: the actual rule is one line) >>> >>> When I send a message with the text "abcdefg" I see the dropped >>> packet >>> in /var/log/snort/alerts. The message though still gets sent with the >>> "abcdefg" text in the message body. Messages with the "abcdefg" >>> content >>> in the body take several minutes to be sent while regular message are >>> sent immidiately. I am running snort_inline-2.0.0-1. The mail server >>> is >>> Sendmail 8.12.9. Does anybody know why the message is being sent? >>> >>> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP 6.5.8 >> Comment: Made with pgp4pine 1.76 >> >> iQA/AwUBPyQgufnAyY+9KLjdEQK21wCfRycao8S8rs2VDS35AFdKGXkgxtMAn3MD >> Oqev0t4TH+EKCQlvvu2t8wQf >> =tsbl >> -----END PGP SIGNATURE----- >> >> >> >> >> ------------------------------------------------------- >> This SF.Net email sponsored by: Free pre-built ASP.NET sites including >> Data Reports, E-commerce, Portals, and Forums are available now. >> Download today and enter to win an XBOX or Visual Studio .NET. >> http://aspnet.click-url.com/go/psa00100003ave/ >> direct;at.aspnet_072303_01/01 >> _______________________________________________ >> Snort-inline-users mailing list >> Sno...@li... >> https://lists.sourceforge.net/lists/listinfo/snort-inline-users >> > > > Brian Toovey > Zion Network Security > 3223 NE 40th St > Ft Lauderdale, FL 33308 > > > > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are available now. > Download today and enter to win an XBOX or Visual Studio .NET. > http://aspnet.click-url.com/go/psa00100003ave/ > direct;at.aspnet_072303_01/01 > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > |
|
From: Brian T. <ad...@zi...> - 2003-07-27 19:13:45
|
Hey Rob (or anyone)
Do you have any stats on inline's maximum throughput? I am sure its
dependent upon how many rulesets you have, but I dont have a high
speed network to test on
Brian
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hmm.. Looks like tcp is doing its job by resending packets that are lost
> :(. Can you give additional information about your system?
>
> uname -a
> snort_inline configuration
> how are you sending packets to snort_inline
> what other rules are you using
> etc.
>
> Thanks,
>
> Rob
>
> On Sun, 27 Jul 2003, josh wrote:
>
>> Hi List,
>> I want to drop all mail with a certain pattern of text, say "abcdefg". I
>> am aware that this may not be the best way to filter mail, but for my
>> purposes this is acceptable. I put the following rule in
>> /etc/snort/rules/local.rules
>>
>> drop tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"Spam mail";
>> content:"abcdefg";
>> nocase; flow:to_server,established; classtype:misc-activity; rev:1 ;)
>>
>> (Note: the actual rule is one line)
>>
>> When I send a message with the text "abcdefg" I see the dropped packet
>> in /var/log/snort/alerts. The message though still gets sent with the
>> "abcdefg" text in the message body. Messages with the "abcdefg" content
>> in the body take several minutes to be sent while regular message are
>> sent immidiately. I am running snort_inline-2.0.0-1. The mail server is
>> Sendmail 8.12.9. Does anybody know why the message is being sent?
>>
>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8
> Comment: Made with pgp4pine 1.76
>
> iQA/AwUBPyQgufnAyY+9KLjdEQK21wCfRycao8S8rs2VDS35AFdKGXkgxtMAn3MD
> Oqev0t4TH+EKCQlvvu2t8wQf
> =tsbl
> -----END PGP SIGNATURE-----
>
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
> http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>
Brian Toovey
Zion Network Security
3223 NE 40th St
Ft Lauderdale, FL 33308
|
|
From: Rob M. <rv...@ca...> - 2003-07-27 18:58:05
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hmm.. Looks like tcp is doing its job by resending packets that are lost :(. Can you give additional information about your system? uname -a snort_inline configuration how are you sending packets to snort_inline what other rules are you using etc. Thanks, Rob On Sun, 27 Jul 2003, josh wrote: > Hi List, > I want to drop all mail with a certain pattern of text, say "abcdefg". I > am aware that this may not be the best way to filter mail, but for my > purposes this is acceptable. I put the following rule in /etc/snort/rules/local.rules > > drop tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"Spam mail"; content:"abcdefg"; > nocase; flow:to_server,established; classtype:misc-activity; rev:1 ;) > > (Note: the actual rule is one line) > > When I send a message with the text "abcdefg" I see the dropped packet > in /var/log/snort/alerts. The message though still gets sent with the > "abcdefg" text in the message body. Messages with the "abcdefg" content > in the body take several minutes to be sent while regular message are > sent immidiately. I am running snort_inline-2.0.0-1. The mail server is > Sendmail 8.12.9. Does anybody know why the message is being sent? > > -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBPyQgufnAyY+9KLjdEQK21wCfRycao8S8rs2VDS35AFdKGXkgxtMAn3MD Oqev0t4TH+EKCQlvvu2t8wQf =tsbl -----END PGP SIGNATURE----- |
|
From: josh <jo...@tk...> - 2003-07-27 14:52:03
|
Hi List,
I want to drop all mail with a certain pattern of text, say "abcdefg". I
am aware that this may not be the best way to filter mail, but for my
purposes this is acceptable. I put the following rule in /etc/snort/rules/local.rules
drop tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"Spam mail"; content:"abcdefg";
nocase; flow:to_server,established; classtype:misc-activity; rev:1 ;)
(Note: the actual rule is one line)
When I send a message with the text "abcdefg" I see the dropped packet
in /var/log/snort/alerts. The message though still gets sent with the
"abcdefg" text in the message body. Messages with the "abcdefg" content
in the body take several minutes to be sent while regular message are
sent immidiately. I am running snort_inline-2.0.0-1. The mail server is
Sendmail 8.12.9. Does anybody know why the message is being sent?
--
- Josh
94 F8 9F 3E 9A DB 6E FC F8 17 F1 B4 C7 51 CB AA ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- jo...@tk... - tel: +972.58.520.636, http://www.tkos.co.il
|
|
From: pieter c. <pi...@co...> - 2003-07-24 07:30:07
|
If I understand it correctly, then the drop|reject actions currently only alert? Is there a way to have log only flexibility? Thanks, Pieter -- Pieter Claassen CounterSnipe Technologies www.countersnipe.com Highview House Charles Square Bracknell Berskhire RG12 1DF Tel: +44(0) 1344 390 530 Fax: +44(0) 1344 390 700 Mobile: +44 (0) 776 6656 924 email: pi...@co... |
|
From: Brian T. <ad...@zi...> - 2003-07-23 16:40:33
|
I have the same question - anyone have statistics on its performance over high speed networks? I am trying to use it as an IPS > Now let's talk a little about Snort-Inline + Iptables performance. > I wonder how fast snort inline can be. Doest it take care of a 100Mbs > network? > Which hardware should I've to use on this situation? Is 1Gbps just a > dream? > > Teolupus > > > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are available now. > Download today and enter to win an XBOX or Visual Studio .NET. > http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > Brian Toovey Zion Network Security 3223 NE 40th St Ft Lauderdale, FL 33308 |
|
From: Teolupus <teo...@sp...> - 2003-07-23 16:27:51
|
Now let's talk a little about Snort-Inline + Iptables performance. I wonder how fast snort inline can be. Doest it take care of a 100Mbs network? Which hardware should I've to use on this situation? Is 1Gbps just a dream? Teolupus |
|
From: Stephan S. <ss...@as...> - 2003-07-23 08:15:34
|
> Due to the way ipq works, the answer is no at this time. Once > snort_inline tells ipq to drop or accept, that's the verdict set for that > packet; therefore, make sure you do all required firewall checks before > you send it to the QUEUE. Maybe in the future, the ipq module will be > more flexible. Would be great if it also offered DNAT and SNAT verdicts. There is a workaround though. You can insert the QUEUE rule into the mangle table. This gets executed before the normal IP filtering mechanism. See "iptables -t mangle ..." Stephan -- Stephan Scholz <ss...@as...> | Development Astaro AG | www.astaro.com | Phone +49-721-490069-0 | Fax -55 Visit Astaro at: - LinuxWorld Expo, San Francisco, Aug. 5-7, 2003 - Systems 2003, IT-Security Area, hall B2, booth 326, Munich, Oct. 20-24, 2003 - Infosecurity Netherlands, hall 3, booth C40, Utrecht, Nov. 11-12, 2003 - Infosecurity France, Paris, Nov. 26-27, 2003 |
|
From: Rob M. <rv...@ca...> - 2003-07-23 03:07:21
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Due to the way ipq works, the answer is no at this time. Once snort_inline tells ipq to drop or accept, that's the verdict set for that packet; therefore, make sure you do all required firewall checks before you send it to the QUEUE. Maybe in the future, the ipq module will be more flexible. Would be great if it also offered DNAT and SNAT verdicts. Rob On Tue, 22 Jul 2003, Teolupus wrote: > Is there any way to make snort-inline repass the packets to IPTABLES after > analising it? > > Regards, > Teolupus > > > ------------------------------------------------------- > This SF.net email is sponsored by: VM Ware > With VMware you can run multiple operating systems on a single machine. > WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the > same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > > -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBPx37mvnAyY+9KLjdEQKu0gCg6LKFdVrG7w3/6FKmwqpYNpeJBF4AoJdY FC99RreTEvDy2iCMQhQ9SQr3 =naJN -----END PGP SIGNATURE----- |
|
From: Teolupus <teo...@sp...> - 2003-07-23 02:24:29
|
Is there any way to make snort-inline repass the packets to IPTABLES after analising it? Regards, Teolupus |
|
From: Rob M. <rv...@ca...> - 2003-07-21 16:09:18
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Take a look at the snort_inline.conf that comes with the distro (etc/ directory) and the snort_inline.conf that comes with the toolkit found at www.honeyent.org. They are a good start. There is also a convert.sh script Lance wrote to convert all alert rules in a directory to drop. This said, I would use the snort_inline.conf as a guide to see which ruleset to include because if you use the entire snort ruleset, your system wont be talking much :) . Either way, you will have to tune it for your network. Have fun, and please provide feedback when you get a chance. Rob On Mon, 21 Jul 2003, Brian Toovey wrote: > now its just a matter of the config files... -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBPxwPifnAyY+9KLjdEQLGPACfWj0UTEVsH4/P8akKGz4Ox7K1hmUAoL5s WEvO3n9bLH6crUrDEQIYifUf =PHke -----END PGP SIGNATURE----- |
|
From: Brian T. <ad...@zi...> - 2003-07-21 14:32:15
|
thanks for you help guys - it compiled with libnet 1.0 instead of 1.1 - my first expierience writing to a mailing list was a pleasureable one now its just a matter of the config files... Brian Toovey > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Thanks! Looks like I need to revisit the configure script. Doesn't seem > to like the --enable-inline when it is set to do it by default. > > On Sun, 20 Jul 2003 ad...@zi... wrote: >> The configure looks better - but the make sucks >> think because I am using version 1.1 of libnet? >> >> > ./configure --with-mysql > >> checking for ipq_set_mode in -lipq... yes >> checking "for libipq.h"... /usr/local/include >> checking "for libnet.h version 1.0.x"... /usr/local/include > > This should have kicked you out. You will need libnet version 1.0.x. > Used libnet 1.0.x because flexresp already used it. Would hate to add yet > another dependency. > > Thanks for the patience, > > Rob > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5.8 > Comment: Made with pgp4pine 1.76 > > iQA/AwUBPxtTr/nAyY+9KLjdEQLqvgCg4FsqHP2cW/FhUsm0a3OlKDfKgYMAniUu > ngR9WNe3+HT5XzJtl8CTxQc+ > =ZOxb > -----END PGP SIGNATURE----- > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: VM Ware > With VMware you can run multiple operating systems on a single machine. > WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the > same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > Brian Toovey Zion Network Security 3223 NE 40th St Ft Lauderdale, FL 33308 |
|
From: Brian T. <ad...@zi...> - 2003-07-21 03:48:43
|
Looks like the toolkit doesnt - can you upload a copy? Thanks
Feels like I am bulls&^%ing my way out of the compile, but.....
> snort_inline -Q -c /etc/snort_inline/snort_inline.conf
Running in IDS mode
Log directory = /var/log/snort
--== Initializing Snort ==--
Initializing Output Plugins!
Parsing Rules file /etc/snort_inline/snort_inline.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Reading from iptables
Initializing Inline mode
Setting the Packet Processor to decode packets from iptables
Initializing Preprocessors!
Initializing Plug-ins!
http_decode arguments:
Unicode decoding
IIS alternate Unicode decoding
IIS double encoding vuln
Flip backslash to slash
Include additional whitespace separators
Ports to decode http on: 80
Conversation Config:
KeepStats: 0
Conv Count: 32000
Timeout : 60
Alert Odd?: 0
Allowed IP Protocols: All
rpc_decode arguments:
Ports to decode RPC on: 111 32771
alert_fragments: INACTIVE
alert_large_fragments: ACTIVE
alert_incomplete: ACTIVE
alert_multiple_requests: ACTIVE
telnet_decode arguments:
Ports to decode telnet on: 21 23 25 119
database: 'mysql' support is not compiled into this build of snort
ERROR: If this build of snort was obtained as a binary distribution (e.g.,
rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.
If this build of snort was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.
See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
database: compiled support for ( )
database: configured to use mysql
> I tried it two months ago and it didnt support it - but I will try again
> and let you know
>
>> On Sun, 20 Jul 2003, Brian Toovey wrote:
>>
>>> Is there a precompiled binary --with-mysql?
>>
>> There is the Snort-Inline Linux Toolkit on the
>> Honeynet site, but to be dead honest I forget
>> if it has mysql or not. Let me know, if not
>> we can upload a version that does.
>>
>> http://www.honeynet.org/papers/honeynet/tools/
>>
>> Thanks!
>>
>> lance
>>
>>
>>
>> -------------------------------------------------------
>> This SF.net email is sponsored by: VM Ware
>> With VMware you can run multiple operating systems on a single machine.
>> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
>> same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
>> _______________________________________________
>> Snort-inline-users mailing list
>> Sno...@li...
>> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>>
>
>
> Brian Toovey
> Zion Network Security
> 3223 NE 40th St
> Ft Lauderdale, FL 33308
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
> same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>
Brian Toovey
Zion Network Security
3223 NE 40th St
Ft Lauderdale, FL 33308
|
|
From: Brian T. <ad...@zi...> - 2003-07-21 03:10:54
|
I tried it two months ago and it didnt support it - but I will try again and let you know > On Sun, 20 Jul 2003, Brian Toovey wrote: > >> Is there a precompiled binary --with-mysql? > > There is the Snort-Inline Linux Toolkit on the > Honeynet site, but to be dead honest I forget > if it has mysql or not. Let me know, if not > we can upload a version that does. > > http://www.honeynet.org/papers/honeynet/tools/ > > Thanks! > > lance > > > > ------------------------------------------------------- > This SF.net email is sponsored by: VM Ware > With VMware you can run multiple operating systems on a single machine. > WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the > same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > Brian Toovey Zion Network Security 3223 NE 40th St Ft Lauderdale, FL 33308 |
|
From: Lance S. <la...@ho...> - 2003-07-21 03:06:11
|
On Sun, 20 Jul 2003, Brian Toovey wrote: > Is there a precompiled binary --with-mysql? There is the Snort-Inline Linux Toolkit on the Honeynet site, but to be dead honest I forget if it has mysql or not. Let me know, if not we can upload a version that does. http://www.honeynet.org/papers/honeynet/tools/ Thanks! lance |
|
From: Brian T. <ad...@zi...> - 2003-07-21 02:52:38
|
Is there a precompiled binary --with-mysql? the config script just checks agains the name "libnet.h" which matches for 1.1 and 1.0 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Thanks! Looks like I need to revisit the configure script. Doesn't seem > to like the --enable-inline when it is set to do it by default. > > On Sun, 20 Jul 2003 ad...@zi... wrote: >> The configure looks better - but the make sucks >> think because I am using version 1.1 of libnet? >> >> > ./configure --with-mysql > >> checking for ipq_set_mode in -lipq... yes >> checking "for libipq.h"... /usr/local/include >> checking "for libnet.h version 1.0.x"... /usr/local/include > > This should have kicked you out. You will need libnet version 1.0.x. > Used libnet 1.0.x because flexresp already used it. Would hate to add yet > another dependency. > > Thanks for the patience, > > Rob > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5.8 > Comment: Made with pgp4pine 1.76 > > iQA/AwUBPxtTr/nAyY+9KLjdEQLqvgCg4FsqHP2cW/FhUsm0a3OlKDfKgYMAniUu > ngR9WNe3+HT5XzJtl8CTxQc+ > =ZOxb > -----END PGP SIGNATURE----- > > > Brian Toovey Zion Network Security 3223 NE 40th St Ft Lauderdale, FL 33308 |
|
From: Rob M. <rv...@ca...> - 2003-07-21 02:47:33
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks! Looks like I need to revisit the configure script. Doesn't seem to like the --enable-inline when it is set to do it by default. On Sun, 20 Jul 2003 ad...@zi... wrote: > The configure looks better - but the make sucks > think because I am using version 1.1 of libnet? > > > ./configure --with-mysql > checking for ipq_set_mode in -lipq... yes > checking "for libipq.h"... /usr/local/include > checking "for libnet.h version 1.0.x"... /usr/local/include This should have kicked you out. You will need libnet version 1.0.x. Used libnet 1.0.x because flexresp already used it. Would hate to add yet another dependency. Thanks for the patience, Rob -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBPxtTr/nAyY+9KLjdEQLqvgCg4FsqHP2cW/FhUsm0a3OlKDfKgYMAniUu ngR9WNe3+HT5XzJtl8CTxQc+ =ZOxb -----END PGP SIGNATURE----- |
|
From: <ad...@zi...> - 2003-07-21 02:26:22
|
The configure looks better - but the make sucks
think because I am using version 1.1 of libnet?
> ./configure --with-mysql
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets ${MAKE}... yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking dependency style of gcc... none
checking for gcc option to accept ANSI C... none needed
checking for ranlib... ranlib
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking dependency style of gcc... (cached) none
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking whether byte ordering is bigendian... no
checking for sparc alignment... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking sys/sockio.h usability... no
checking sys/sockio.h presence... no
checking for sys/sockio.h... no
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking for inet_ntoa in -lnsl... yes
checking for socket in -lsocket... no
checking whether printf must be declared... no
checking whether fprintf must be declared... no
checking whether syslog must be declared... no
checking whether puts must be declared... no
checking whether fputs must be declared... no
checking whether fputc must be declared... no
checking whether fopen must be declared... no
checking whether fclose must be declared... no
checking whether fwrite must be declared... no
checking whether fflush must be declared... no
checking whether getopt must be declared... no
checking whether bzero must be declared... no
checking whether bcopy must be declared... no
checking whether memset must be declared... no
checking whether strtol must be declared... no
checking whether strcasecmp must be declared... no
checking whether strncasecmp must be declared... no
checking whether strerror must be declared... no
checking whether perror must be declared... no
checking whether socket must be declared... no
checking whether sendto must be declared... no
checking whether vsnprintf must be declared... no
checking whether snprintf must be declared... no
checking whether strtoul must be declared... no
checking for snprintf... yes
checking for strlcpy... no
checking for strlcat... no
checking for strerror... yes
checking for floor in -lm... yes
checking for pcap_datalink in -lpcap... yes
checking for mysql... yes
checking for compress in -lz... yes
checking for ipq_set_mode in -lipq... yes
checking "for libipq.h"... /usr/local/include
checking "for libnet.h version 1.0.x"... /usr/local/include
checking for u_int8_t... yes
checking for u_int16_t... yes
checking for u_int32_t... yes
checking for a BSD-compatible install... /usr/bin/install -c
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/detection-plugins/Makefile
config.status: creating src/output-plugins/Makefile
config.status: creating src/preprocessors/Makefile
config.status: creating src/parser/Makefile
config.status: creating doc/Makefile
config.status: creating contrib/Makefile
config.status: creating etc/Makefile
config.status: creating rules/Makefile
config.status: creating templates/Makefile
config.status: creating src/win32/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
> make
make all-recursive
make[1]: Entering directory `/home/admin/snort_inline-2.0.0'
Making all in src
make[2]: Entering directory `/home/admin/snort_inline-2.0.0/src'
Making all in win32
make[3]: Entering directory `/home/admin/snort_inline-2.0.0/src/win32'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory `/home/admin/snort_inline-2.0.0/src/win32'
Making all in output-plugins
make[3]: Entering directory
`/home/admin/snort_inline-2.0.0/src/output-plugins'
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_alert_fast.c' || echo './'`spo_alert_fast.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_alert_full.c' || echo './'`spo_alert_full.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_alert_smb.c' || echo './'`spo_alert_smb.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_alert_syslog.c' || echo './'`spo_alert_syslog.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_alert_unixsock.c' || echo './'`spo_alert_unixsock.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_csv.c' || echo './'`spo_csv.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_database.c' || echo './'`spo_database.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_log_null.c' || echo './'`spo_log_null.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_log_tcpdump.c' || echo './'`spo_log_tcpdump.c
spo_log_tcpdump.c: In function `LogTcpdump':
spo_log_tcpdump.c:204: warning: unused variable `ptr'
spo_log_tcpdump.c:203: warning: unused variable `i'
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_unified.c' || echo './'`spo_unified.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spo_log_ascii.c' || echo './'`spo_log_ascii.c
rm -f libspo.a
ar cru libspo.a spo_alert_fast.o spo_alert_full.o spo_alert_smb.o
spo_alert_syslog.o spo_alert_unixsock.o spo_csv.o spo_database.o
spo_log_null.o spo_log_tcpdump.o spo_unified.o spo_log_ascii.o
ranlib libspo.a
make[3]: Leaving directory
`/home/admin/snort_inline-2.0.0/src/output-plugins'
Making all in detection-plugins
make[3]: Entering directory
`/home/admin/snort_inline-2.0.0/src/detection-plugins'
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_dsize_check.c' || echo './'`sp_dsize_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_icmp_code_check.c' || echo './'`sp_icmp_code_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_icmp_id_check.c' || echo './'`sp_icmp_id_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_icmp_seq_check.c' || echo './'`sp_icmp_seq_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_icmp_type_check.c' || echo './'`sp_icmp_type_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_ip_fragbits.c' || echo './'`sp_ip_fragbits.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_ip_id_check.c' || echo './'`sp_ip_id_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_ip_proto.c' || echo './'`sp_ip_proto.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_ip_same_check.c' || echo './'`sp_ip_same_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_ip_tos_check.c' || echo './'`sp_ip_tos_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_ipoption_check.c' || echo './'`sp_ipoption_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_pattern_match.c' || echo './'`sp_pattern_match.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_react.c' || echo './'`sp_react.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_respond.c' || echo './'`sp_respond.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_rpc_check.c' || echo './'`sp_rpc_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_session.c' || echo './'`sp_session.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_tcp_ack_check.c' || echo './'`sp_tcp_ack_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_tcp_flag_check.c' || echo './'`sp_tcp_flag_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_tcp_seq_check.c' || echo './'`sp_tcp_seq_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_tcp_win_check.c' || echo './'`sp_tcp_win_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_ttl_check.c' || echo './'`sp_ttl_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_clientserver.c' || echo './'`sp_clientserver.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_byte_check.c' || echo './'`sp_byte_check.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sp_byte_jump.c' || echo './'`sp_byte_jump.c
rm -f libspd.a
ar cru libspd.a sp_dsize_check.o sp_icmp_code_check.o sp_icmp_id_check.o
sp_icmp_seq_check.o sp_icmp_type_check.o sp_ip_fragbits.o sp_ip_id_check.o
sp_ip_proto.o sp_ip_same_check.o sp_ip_tos_check.o sp_ipoption_check.o
sp_pattern_match.o sp_react.o sp_respond.o sp_rpc_check.o sp_session.o
sp_tcp_ack_check.o sp_tcp_flag_check.o sp_tcp_seq_check.o
sp_tcp_win_check.o sp_ttl_check.o sp_clientserver.o sp_byte_check.o
sp_byte_jump.o
ranlib libspd.a
make[3]: Leaving directory
`/home/admin/snort_inline-2.0.0/src/detection-plugins'
Making all in preprocessors
make[3]: Entering directory
`/home/admin/snort_inline-2.0.0/src/preprocessors'
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_arpspoof.c' || echo './'`spp_arpspoof.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_bo.c' || echo './'`spp_bo.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_frag2.c' || echo './'`spp_frag2.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_http_decode.c' || echo './'`spp_http_decode.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_portscan.c' || echo './'`spp_portscan.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_rpc_decode.c' || echo './'`spp_rpc_decode.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_stream4.c' || echo './'`spp_stream4.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_telnet_negotiation.c' || echo './'`spp_telnet_negotiation.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_httpflow.c' || echo './'`spp_httpflow.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_perfmonitor.c' || echo './'`spp_perfmonitor.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_conversation.c' || echo './'`spp_conversation.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'spp_portscan2.c' || echo './'`spp_portscan2.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'perf.c' || echo './'`perf.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'perf-base.c' || echo './'`perf-base.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'perf-flow.c' || echo './'`perf-flow.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'perf-event.c' || echo './'`perf-event.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'http-resp.c' || echo './'`http-resp.c
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sfprocpidstats.c' || echo './'`sfprocpidstats.c
rm -f libspp.a
ar cru libspp.a spp_arpspoof.o spp_bo.o spp_frag2.o spp_http_decode.o
spp_portscan.o spp_rpc_decode.o spp_stream4.o spp_telnet_negotiation.o
spp_httpflow.o spp_perfmonitor.o spp_conversation.o spp_portscan2.o perf.o
perf-base.o perf-flow.o perf-event.o http-resp.o sfprocpidstats.o
ranlib libspp.a
make[3]: Leaving directory `/home/admin/snort_inline-2.0.0/src/preprocessors'
Making all in parser
make[3]: Entering directory `/home/admin/snort_inline-2.0.0/src/parser'
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'IpAddrSet.c' || echo './'`IpAddrSet.c
rm -f libparser.a
ar cru libparser.a IpAddrSet.o
ranlib libparser.a
make[3]: Leaving directory `/home/admin/snort_inline-2.0.0/src/parser'
make[3]: Entering directory `/home/admin/snort_inline-2.0.0/src'
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'codes.c' || echo './'`codes.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'debug.c' || echo './'`debug.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'decode.c' || echo './'`decode.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'log.c' || echo './'`log.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'mstring.c' || echo './'`mstring.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'parser.c' || echo './'`parser.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'plugbase.c' || echo './'`plugbase.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'snort.c' || echo './'`snort.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'snprintf.c' || echo './'`snprintf.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'strlcatu.c' || echo './'`strlcatu.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'strlcpyu.c' || echo './'`strlcpyu.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'tag.c' || echo './'`tag.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'ubi_BinTree.c' || echo './'`ubi_BinTree.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'ubi_SplayTree.c' || echo './'`ubi_SplayTree.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'util.c' || echo './'`util.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'detect.c' || echo './'`detect.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'signature.c' || echo './'`signature.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'mempool.c' || echo './'`mempool.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'sf_sdlist.c' || echo './'`sf_sdlist.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'threshold.c' || echo './'`threshold.c
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors
-I/usr/include/mysql -DENABLE_MYSQL -I/usr/include -g -O2 -Wall -DGIDS
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -c `test
-f 'inline.c' || echo './'`inline.c
In file included from /usr/include/libnet.h:59,
from inline.c:8:
/usr/include/netinet/ip.h:197: warning: `IPOPT_EOL' redefined
decode.h:427: warning: this is the location of the previous definition
/usr/include/netinet/ip.h:199: warning: `IPOPT_NOP' redefined
decode.h:431: warning: this is the location of the previous definition
/usr/include/netinet/ip.h:202: warning: `IPOPT_RR' redefined
decode.h:435: warning: this is the location of the previous definition
/usr/include/netinet/ip.h:203: warning: `IPOPT_TS' redefined
decode.h:443: warning: this is the location of the previous definition
/usr/include/netinet/ip.h:205: warning: `IPOPT_SECURITY' redefined
decode.h:447: warning: this is the location of the previous definition
/usr/include/netinet/ip.h:207: warning: `IPOPT_LSRR' redefined
decode.h:451: warning: this is the location of the previous definition
/usr/include/netinet/ip.h:208: warning: `IPOPT_SATID' redefined
decode.h:459: warning: this is the location of the previous definition
/usr/include/netinet/ip.h:210: warning: `IPOPT_SSRR' redefined
decode.h:463: warning: this is the location of the previous definition
In file included from /usr/include/libnet.h:75,
from inline.c:8:
/usr/include/netinet/tcp.h:40: warning: `TCP_NODELAY' redefined
decode.h:288: warning: this is the location of the previous definition
/usr/include/netinet/tcp.h:41: warning: `TCP_MAXSEG' redefined
decode.h:292: warning: this is the location of the previous definition
inline.c: In function `InitInline':
inline.c:95: warning: implicit declaration of function `libnet_open_raw_sock'
inline.c:103: `IP_H' undeclared (first use in this function)
inline.c:103: (Each undeclared identifier is reported only once
inline.c:103: for each function it appears in.)
inline.c:103: `TCP_H' undeclared (first use in this function)
inline.c:118: warning: implicit declaration of function `libnet_build_ip'
inline.c:118: `PRu16' undeclared (first use in this function)
inline.c:122: warning: passing arg 8 of `libnet_build_tcp' makes integer
from pointer without a cast
inline.c:122: too few arguments to function `libnet_build_tcp'
inline.c:125: `ICMP_UNREACH_H' undeclared (first use in this function)
inline.c:127: warning: implicit declaration of function
`libnet_build_icmp_unreach'
inline.c: In function `HandlePacket':
inline.c:214: `IP_H' undeclared (first use in this function)
inline.c:214: `TCP_H' undeclared (first use in this function)
inline.c:225: warning: passing arg 1 of `libnet_do_checksum' from
incompatible pointer type
inline.c:225: warning: passing arg 2 of `libnet_do_checksum' makes pointer
from integer without a cast
inline.c:225: too few arguments to function `libnet_do_checksum'
inline.c:226: warning: implicit declaration of function `libnet_write_ip'
inline.c:228: warning: implicit declaration of function `libnet_error'
inline.c:228: `LIBNET_ERR_CRITICAL' undeclared (first use in this function)
inline.c:249: `ICMP_UNREACH_H' undeclared (first use in this function)
inline.c:256: warning: passing arg 1 of `libnet_do_checksum' from
incompatible pointer type
inline.c:256: warning: passing arg 2 of `libnet_do_checksum' makes pointer
from integer without a cast
inline.c:256: too few arguments to function `libnet_do_checksum'
inline.c:187: warning: `tcph' might be used uninitialized in this function
make[3]: *** [inline.o] Error 1
make[3]: Leaving directory `/home/admin/snort_inline-2.0.0/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/admin/snort_inline-2.0.0/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/admin/snort_inline-2.0.0'
make: *** [all] Error 2
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Please try it as follows and tell me if it works:
>
> ./configure --with-mysql.
>
> The source that I have on sourceforge generates snort_inline by default.
> I think there may be a problem with the configure script when given the
> - --enable-inline when it already does it by default. Please try the
> above
> way, and let me know if you still have problems.
>
> Thanks,
>
> Rob
>
> On Sun, 20 Jul 2003 ad...@zi... wrote:
>
>>
>> When I run:
>> ./configure --enable-inline --with-mysql
>>
>> the output is generated in the configure.txt file
>> I see it check for libmysql but not for libipq
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8
> Comment: Made with pgp4pine 1.76
>
> iQA/AwUBPxtJWPnAyY+9KLjdEQLGHACcCiZLo+lgYNFRPabWfYgB+ooYWl4AoNsk
> vuRTn2j/j654d5TTvEGoVjc5
> =YbT1
> -----END PGP SIGNATURE-----
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
> same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>
|
|
From: Rob M. <rv...@ca...> - 2003-07-21 02:03:49
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please try it as follows and tell me if it works: ./configure --with-mysql. The source that I have on sourceforge generates snort_inline by default. I think there may be a problem with the configure script when given the - --enable-inline when it already does it by default. Please try the above way, and let me know if you still have problems. Thanks, Rob On Sun, 20 Jul 2003 ad...@zi... wrote: > > When I run: > ./configure --enable-inline --with-mysql > > the output is generated in the configure.txt file > I see it check for libmysql but not for libipq -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBPxtJWPnAyY+9KLjdEQLGHACcCiZLo+lgYNFRPabWfYgB+ooYWl4AoNsk vuRTn2j/j654d5TTvEGoVjc5 =YbT1 -----END PGP SIGNATURE----- |
|
From: <ad...@zi...> - 2003-07-21 00:43:11
|
When I run: ./configure --enable-inline --with-mysql the output is generated in the configure.txt file I see it check for libmysql but not for libipq > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > When you run the configure script, what does it look like? > > For example, when I run it: > > ./configure --with-mysql > > Rob > > On Sun, 20 Jul 2003 ad...@zi... wrote: > >> Thanks for your quick support guys >> >> Looks like my situation is worse >> >> I can't even run it with option -Q - doesnt make much sense - should the >> ./config fail if there is no libipq? >> >> >> I have attached four files - dont know if the list will accept them - >> sending a test > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5.8 > Comment: Made with pgp4pine 1.76 > > iQA/AwUBPxsyXPnAyY+9KLjdEQJjcgCdGmCWbP18tlSbC014XyUmRlwjbWAAn03U > Bhiu5vQZwuPDNZyChvZemgVL > =RrGG > -----END PGP SIGNATURE----- > > > |
|
From: <ad...@zi...> - 2003-07-21 00:17:46
|
Thanks for your quick support guys Looks like my situation is worse I can't even run it with option -Q - doesnt make much sense - should the ./config fail if there is no libipq? I have attached four files - dont know if the list will accept them - sending a test |
|
From: Rob M. <rv...@ca...> - 2003-07-20 20:39:59
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can you please send me the output of your configure script? ./configure --with-mysql &> configure.txt This will let me see what is going on. Also, please send me the output of your make make &> make.txt Thanks, Rob On Sun, 20 Jul 2003 ad...@zi... wrote: > Richard: (or anyone at the list) > > I recently came accross the post below after searching google. > > After compiling snort-inline in the same fashion I am receiving the same > error. I am using Debian with the latest version of snort-inline (april > 30). > > Has anyone successfully compiled snort-inline with mysql support? > > Brian Toovey > > > POST: > Subject: RE: Gen II data control : snort-inline+mysql > From: "Richard La Bella" <ri...@sf...> > Date: Mon, 17 Feb 2003 05:58:41 -0500 > Cc: "'honey grp'" <hon...@ya...>, <hon...@se...> > Delivered-to: mailing list hon...@se... > Delivered-to: moderator for hon...@se... > Importance: Normal > In-reply-to: <260...@ma...> > List-help: <mailto:hon...@se...> > List-id: <honeypots.list-id.securityfocus.com> > List-post: <mailto:hon...@se...> > List-subscribe: <mailto:hon...@se...> > List-unsubscribe: <mailto:hon...@se...> > Mailing-list: contact hon...@se...; run by ezmlm > Organization: South Florida Honeynet Project > Reply-to: <ri...@sf...> > > Harish, > Which copy/version of snort-inline are you compiling? > Richard La Bella > ----- South Florida Honeynet Project ----- > > -----Original Message----- > From: Harish Siripurapu [mailto:sir...@cs...] > Sent: Sunday, February 16, 2003 10:35 PM > To: Andrew Hintz (Drew) > Cc: honey grp; hon...@se... > Subject: Gen II data control : snort-inline+mysql > Hi , > I am following SFHN's paper to set up data control in a gen II > honeynet.when I try to log the snort packets to a mysql database I get > "mysql support is not compiled in this copy".I tried to compile snort > with mysql (./configure --with-mysql > --enable-inline) and the problem persists. > Please help me. > Harish > References: > Gen II data control : snort-inline+mysql > From: "Harish Siripurapu" <sir...@cs...> > Prev by Date: Re: Honeyd 0.5 release > Next by Date: LaBrea news > Previous by thread: Gen II data control : snort-inline+mysql > Next by thread: RE: Fake services on unused IPs > Index(es): > Date > Thread > > > ------------------------------------------------------- > This SF.net email is sponsored by: VM Ware > With VMware you can run multiple operating systems on a single machine. > WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the > same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > > -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBPxr9evnAyY+9KLjdEQKoqQCfU/D3/fhSbG7V+DV8aiDWWQ9Dh6oAoNGc FyhcFFpP5eO6ikX1KqZJKo8s =bOH/ -----END PGP SIGNATURE----- |
|
From: <ad...@zi...> - 2003-07-20 19:35:00
|
Richard: (or anyone at the list) I recently came accross the post below after searching google. After compiling snort-inline in the same fashion I am receiving the same error. I am using Debian with the latest version of snort-inline (april 30). Has anyone successfully compiled snort-inline with mysql support? Brian Toovey POST: Subject: RE: Gen II data control : snort-inline+mysql From: "Richard La Bella" <ri...@sf...> Date: Mon, 17 Feb 2003 05:58:41 -0500 Cc: "'honey grp'" <hon...@ya...>, <hon...@se...> Delivered-to: mailing list hon...@se... Delivered-to: moderator for hon...@se... Importance: Normal In-reply-to: <260...@ma...> List-help: <mailto:hon...@se...> List-id: <honeypots.list-id.securityfocus.com> List-post: <mailto:hon...@se...> List-subscribe: <mailto:hon...@se...> List-unsubscribe: <mailto:hon...@se...> Mailing-list: contact hon...@se...; run by ezmlm Organization: South Florida Honeynet Project Reply-to: <ri...@sf...> Harish, Which copy/version of snort-inline are you compiling? Richard La Bella ----- South Florida Honeynet Project ----- -----Original Message----- From: Harish Siripurapu [mailto:sir...@cs...] Sent: Sunday, February 16, 2003 10:35 PM To: Andrew Hintz (Drew) Cc: honey grp; hon...@se... Subject: Gen II data control : snort-inline+mysql Hi , I am following SFHN's paper to set up data control in a gen II honeynet.when I try to log the snort packets to a mysql database I get "mysql support is not compiled in this copy".I tried to compile snort with mysql (./configure --with-mysql --enable-inline) and the problem persists. Please help me. Harish References: Gen II data control : snort-inline+mysql From: "Harish Siripurapu" <sir...@cs...> Prev by Date: Re: Honeyd 0.5 release Next by Date: LaBrea news Previous by thread: Gen II data control : snort-inline+mysql Next by thread: RE: Fake services on unused IPs Index(es): Date Thread |
133 messages has been excluded from this view by a project administrator.
