Re: [rhelv5-list] snort 2.9.0 Centos 5.5
Hello Vincent, Thanks allot for your help. I managed to pass that error and everything builds just fine, but when i try to run snort i get segfault : kernel: device eth0 entered promiscuous mode Nov 4 10:50:30 kernel: snort[8650]: segfault at 0010 rip 004a072c rsp 7fff7d712070 error 4 Nov 4 10:50:30 kernel: device eth0 left promiscuous mode I compiled manually these versions and all works just well, I don't know what the problem is. I'm at this since the morning and couldn't get some good rpm's. Can you tell me how did you make the libpcap 1.1.1 rpm? I will be glad if you can guide through some checks to see what is the problems. Regards, Ovidiu On 11/04/2010 06:27 PM, vinc...@cojot.name wrote: Hi Stanila, I'm currently pushing 2.9.0.1-2 rpms built with --enable-zlib on that website. I don't know if that will have any side-effects but I guess it won't hurt. You got the daq_ipq.* errors because daq didn't build the daq_ipq* modules on your system (maybe due to a missing library). At any case, I've changed the spec file to be more 'flexible', which should help it build on your system (see daq-0.3-3.el5.src.rpm). The updated list of RPMS is as follows: dist/snort/RHEL5/SRPMS/daq-0.3-3.el5.src.rpm dist/snort/RHEL5/SRPMS/libpcap1-1.1.1-6.el5.src.rpm dist/snort/RHEL5/SRPMS/snort-2.9.0.1-2.el5.src.rpm dist/snort/RHEL5/i386/daq-0.3-3.el5.i386.rpm dist/snort/RHEL5/i386/daq-debuginfo-0.3-3.el5.i386.rpm dist/snort/RHEL5/i386/snort-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-devel-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-debuginfo-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/i386/snort-debuginfo-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/snort-mysql-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/x86_64/libpcap1-devel-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/libpcap1-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/libpcap1-debuginfo-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/daq-debuginfo-0.3-3.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-mysql-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-debuginfo-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/daq-0.3-3.el5.x86_64.rpm I hope this helps, Vincent On Thu, 4 Nov 2010, Stanila Ovidiu wrote: Hi everybody, I installed Vincent's rpm's(https://www.redhat.com/archives/rhelv5-list/2010-November/msg1.html) on my Centos 5.5 system and after the installation when i ran snort -c /etc/snort/snort.conf -T i got this error: ERROR: /etc/snort/snort.conf(194) => Invalid keyword 'compress_depth' for 'global' configuration. Fatal Error, Quitting.. I read on snort forum that this error appears because snort isn't compiled with --enable-zlib option. So i installed the src rpm to try and compile again snort, but when running rpmbuild i got this error: checking for daq_load_modules in -ldaq_static... no ERROR! daq_static library not found, go get it from http://www.snort.org/. I tried compiling daq separately, from src rpm provided by vincent, but there i got this error: RPM build errors: File not found: /tmp/daqrpm-0.3/usr/lib64/daq/daq_ipq.la File not found: /tmp/daqrpm-0.3/usr/lib64/daq/daq_ipq.so Could somebody help me, I'm all out of ideas. I'm kind of new on compiling packages, so any help will be great. Thank you for your time. ___ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list ___ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list ___ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list
Re: [rhelv5-list] snort 2.9.0 Centos 5.5
Hi Vincent, After allot of try and error tests I discovered that libpcap 1.1.1 was the culprit for the Segmentation fault error, I managed after some anguishing compilations (i'm really new to the rpmbuild process, only 2 days ago ) to build a libpcap 1.0.0 rpm with the specs file from your build. Thank you for all your help. Regards, Ovidiu On 11/04/2010 07:58 PM, Stanila Ovidiu wrote: Hello Vincent, Thanks allot for your help. I managed to pass that error and everything builds just fine, but when i try to run snort i get segfault : kernel: device eth0 entered promiscuous mode Nov 4 10:50:30 kernel: snort[8650]: segfault at 0010 rip 004a072c rsp 7fff7d712070 error 4 Nov 4 10:50:30 kernel: device eth0 left promiscuous mode I compiled manually these versions and all works just well, I don't know what the problem is. I'm at this since the morning and couldn't get some good rpm's. Can you tell me how did you make the libpcap 1.1.1 rpm? I will be glad if you can guide through some checks to see what is the problems. Regards, Ovidiu On 11/04/2010 06:27 PM, vinc...@cojot.name wrote: Hi Stanila, I'm currently pushing 2.9.0.1-2 rpms built with --enable-zlib on that website. I don't know if that will have any side-effects but I guess it won't hurt. You got the daq_ipq.* errors because daq didn't build the daq_ipq* modules on your system (maybe due to a missing library). At any case, I've changed the spec file to be more 'flexible', which should help it build on your system (see daq-0.3-3.el5.src.rpm). The updated list of RPMS is as follows: dist/snort/RHEL5/SRPMS/daq-0.3-3.el5.src.rpm dist/snort/RHEL5/SRPMS/libpcap1-1.1.1-6.el5.src.rpm dist/snort/RHEL5/SRPMS/snort-2.9.0.1-2.el5.src.rpm dist/snort/RHEL5/i386/daq-0.3-3.el5.i386.rpm dist/snort/RHEL5/i386/daq-debuginfo-0.3-3.el5.i386.rpm dist/snort/RHEL5/i386/snort-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-devel-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-debuginfo-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/i386/snort-debuginfo-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/snort-mysql-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/x86_64/libpcap1-devel-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/libpcap1-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/libpcap1-debuginfo-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/daq-debuginfo-0.3-3.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-mysql-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-debuginfo-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/daq-0.3-3.el5.x86_64.rpm I hope this helps, Vincent On Thu, 4 Nov 2010, Stanila Ovidiu wrote: Hi everybody, I installed Vincent's rpm's(https://www.redhat.com/archives/rhelv5-list/2010-November/msg1.html) on my Centos 5.5 system and after the installation when i ran snort -c /etc/snort/snort.conf -T i got this error: ERROR: /etc/snort/snort.conf(194) => Invalid keyword 'compress_depth' for 'global' configuration. Fatal Error, Quitting.. I read on snort forum that this error appears because snort isn't compiled with --enable-zlib option. So i installed the src rpm to try and compile again snort, but when running rpmbuild i got this error: checking for daq_load_modules in -ldaq_static... no ERROR! daq_static library not found, go get it from http://www.snort.org/. I tried compiling daq separately, from src rpm provided by vincent, but there i got this error: RPM build errors: File not found: /tmp/daqrpm-0.3/usr/lib64/daq/daq_ipq.la File not found: /tmp/daqrpm-0.3/usr/lib64/daq/daq_ipq.so Could somebody help me, I'm all out of ideas. I'm kind of new on compiling packages, so any help will be great. Thank you for your time. ___ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list ___ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list ___ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list
Re: [rhelv5-list] snort 2.9.0 Centos 5.5
Hi Ovidiu, There were some other reports on snort-users that 2.9.0.x was segfaulting on rhel5.5. Like you already did, I found out that the segfault was related to libpcap1. I also noticed the following: # snort -i eth0 # snort --daq pcap -i eth0 (segaults immediately after 'Initializing daemon mode') # snort --daq afpacket -i eth0 (works fine but then it doesn't use pcap). I do not know yet if we're running into this issue because of libpcap-1.1.1 or because of my own libpcap1 packaging. I would have to dig into the daq library and how it calls libpcap for that. I'm CC'ing the snort-users list on this since it appears at least someone there (Jason Wallace) knows more about this issue. Jason said that getting rid of lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so in your snort.conf might fix that issue. Regards, Vincent On Thu, 4 Nov 2010, Stanila Ovidiu wrote: Hi Vincent, After allot of try and error tests I discovered that libpcap 1.1.1 was the culprit for the Segmentation fault error, I managed after some anguishing compilations (i'm really new to the rpmbuild process, only 2 days ago ) to build a libpcap 1.0.0 rpm with the specs file from your build. Thank you for all your help. Regards, Ovidiu On 11/04/2010 07:58 PM, Stanila Ovidiu wrote: Hello Vincent, Thanks allot for your help. I managed to pass that error and everything builds just fine, but when i try to run snort i get segfault : kernel: device eth0 entered promiscuous mode Nov 4 10:50:30 kernel: snort[8650]: segfault at 0010 rip 004a072c rsp 7fff7d712070 error 4 Nov 4 10:50:30 kernel: device eth0 left promiscuous mode I compiled manually these versions and all works just well, I don't know what the problem is. I'm at this since the morning and couldn't get some good rpm's. Can you tell me how did you make the libpcap 1.1.1 rpm? I will be glad if you can guide through some checks to see what is the problems. Regards, Ovidiu On 11/04/2010 06:27 PM, vinc...@cojot.name wrote: Hi Stanila, I'm currently pushing 2.9.0.1-2 rpms built with --enable-zlib on that website. I don't know if that will have any side-effects but I guess it won't hurt. You got the daq_ipq.* errors because daq didn't build the daq_ipq* modules on your system (maybe due to a missing library). At any case, I've changed the spec file to be more 'flexible', which should help it build on your system (see daq-0.3-3.el5.src.rpm). The updated list of RPMS is as follows: dist/snort/RHEL5/SRPMS/daq-0.3-3.el5.src.rpm dist/snort/RHEL5/SRPMS/libpcap1-1.1.1-6.el5.src.rpm dist/snort/RHEL5/SRPMS/snort-2.9.0.1-2.el5.src.rpm dist/snort/RHEL5/i386/daq-0.3-3.el5.i386.rpm dist/snort/RHEL5/i386/daq-debuginfo-0.3-3.el5.i386.rpm dist/snort/RHEL5/i386/snort-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-devel-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-debuginfo-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/i386/snort-debuginfo-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/snort-mysql-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/x86_64/libpcap1-devel-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/libpcap1-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/libpcap1-debuginfo-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/daq-debuginfo-0.3-3.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-mysql-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-debuginfo-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/daq-0.3-3.el5.x86_64.rpm I hope this helps, Vincent On Thu, 4 Nov 2010, Stanila Ovidiu wrote: Hi everybody, I installed Vincent's rpm's(https://www.redhat.com/archives/rhelv5-list/2010-November/msg1.html) on my Centos 5.5 system and after the installation when i ran snort -c /etc/snort/snort.conf -T i got this error: ERROR: /etc/snort/snort.conf(194) => Invalid keyword 'compress_depth' for 'global' configuration. Fatal Error, Quitting.. I read on snort forum that this error appears because snort isn't compiled with --enable-zlib option. So i installed the src rpm to try and compile again snort, but when running rpmbuild i got this error: checking for daq_load_modules in -ldaq_static... no ERROR! daq_static library not found, go get it from http://www.snort.org/. I tried compiling daq separately, from src rpm provided by vincent, but there i got this error: RPM build errors: File not found: /tmp/daqrpm-0.3/usr/lib64/daq/daq_ipq.la File not found: /tmp/daqrpm-0.3/usr/lib64/daq/daq_ipq.so Could somebody help me, I'm all out of ideas. I'm kind of new on compiling packages, so any help will be great. Thank you for your time. ___ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list ___ rhelv5-list mailing
Re: [rhelv5-list] snort 2.9.0 Centos 5.5
Hi Stanila, I'm currently pushing 2.9.0.1-2 rpms built with --enable-zlib on that website. I don't know if that will have any side-effects but I guess it won't hurt. You got the daq_ipq.* errors because daq didn't build the daq_ipq* modules on your system (maybe due to a missing library). At any case, I've changed the spec file to be more 'flexible', which should help it build on your system (see daq-0.3-3.el5.src.rpm). The updated list of RPMS is as follows: dist/snort/RHEL5/SRPMS/daq-0.3-3.el5.src.rpm dist/snort/RHEL5/SRPMS/libpcap1-1.1.1-6.el5.src.rpm dist/snort/RHEL5/SRPMS/snort-2.9.0.1-2.el5.src.rpm dist/snort/RHEL5/i386/daq-0.3-3.el5.i386.rpm dist/snort/RHEL5/i386/daq-debuginfo-0.3-3.el5.i386.rpm dist/snort/RHEL5/i386/snort-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-devel-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-debuginfo-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/i386/snort-debuginfo-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/snort-mysql-2.9.0.1-2.el5.i386.rpm dist/snort/RHEL5/i386/libpcap1-1.1.1-6.el5.i386.rpm dist/snort/RHEL5/x86_64/libpcap1-devel-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/libpcap1-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/libpcap1-debuginfo-1.1.1-6.el5.x86_64.rpm dist/snort/RHEL5/x86_64/daq-debuginfo-0.3-3.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-mysql-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/snort-debuginfo-2.9.0.1-2.el5.x86_64.rpm dist/snort/RHEL5/x86_64/daq-0.3-3.el5.x86_64.rpm I hope this helps, Vincent On Thu, 4 Nov 2010, Stanila Ovidiu wrote: Hi everybody, I installed Vincent's rpm's(https://www.redhat.com/archives/rhelv5-list/2010-November/msg1.html) on my Centos 5.5 system and after the installation when i ran snort -c /etc/snort/snort.conf -T i got this error: ERROR: /etc/snort/snort.conf(194) => Invalid keyword 'compress_depth' for 'global' configuration. Fatal Error, Quitting.. I read on snort forum that this error appears because snort isn't compiled with --enable-zlib option. So i installed the src rpm to try and compile again snort, but when running rpmbuild i got this error: checking for daq_load_modules in -ldaq_static... no ERROR! daq_static library not found, go get it from http://www.snort.org/. I tried compiling daq separately, from src rpm provided by vincent, but there i got this error: RPM build errors: File not found: /tmp/daqrpm-0.3/usr/lib64/daq/daq_ipq.la File not found: /tmp/daqrpm-0.3/usr/lib64/daq/daq_ipq.so Could somebody help me, I'm all out of ideas. I'm kind of new on compiling packages, so any help will be great. Thank you for your time. ___ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list ___ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list
