|
|
|
|
Snort Forums Archive
Archive Home » Third Party Tools » Problems installing SnortSAM
Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.
[ Notice: Full Version of This Topic ]
Problems installing SnortSAM
Posted by bmeckle on September 26, 2005 10:16:14
I am trying to install SAM on an existing snort sensor. Snort is already working, so I found instructions on how to install SAM and recompile snort to make it work.
Steps I have taken are,
download and unpack snortsam and the patches
run ./makesnortsam.sh
run ./patchsnort.sh
run aclocal
run autoheader
run automake --add-missing
run autoconf
run ./configure from the snort install directory
run make (errors out during the make process)
But when I try to recompile snort I get the following errors.
gcc -g -O2 -Wall -L/usr/local/snort-2.1.3/src -L/usr/local/lib -lpcre -o snort codes.o debug.o decode.o log.o mstring.o parser.o plugbase.o twofish.o snort.o snprintf.o strlcatu.o strlcpyu.o tag.o ubi_BinTree.o ubi_SplayTree.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o output-plugins/libspo.a detection-plugins/libspd.a preprocessors/libspp.a preprocessors/flow/portscan/libportscan.a preprocessors/flow/libflow.a parser/libparser.a preprocessors/HttpInspect/libhttp_inspect.a sfutil/libsfutil.a -lpcre -lpcap -lm -lsocket -lnsl
Undefined first referenced
symbol in file
mysql_use_result output-plugins/libspo.a(spo_database.o)
mysql_query output-plugins/libspo.a(spo_database.o)
mysql_errno output-plugins/libspo.a(spo_database.o)
mysql_error output-plugins/libspo.a(spo_database.o)
mysql_real_connect output-plugins/libspo.a(spo_database.o)
mysql_close output-plugins/libspo.a(spo_database.o)
mysql_free_result output-plugins/libspo.a(spo_database.o)
mysql_fetch_row output-plugins/libspo.a(spo_database.o)
mysql_init output-plugins/libspo.a(spo_database.o)
ld: fatal: Symbol referencing errors. No output written to snort
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `snort'
Current working directory /usr/local/snort-2.1.3/src
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'
Current working directory /usr/local/snort-2.1.3/src
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'
Current working directory /usr/local/snort-2.1.3
*** Error code 1
make: Fatal error: Command failed for target `all'
Any help is greatly appiciated.
Thanks,
Bob
|
|
Posted by Joel_Esler on September 26, 2005 12:31:15
Please contact Frank Knobbe (SnortSAM's author) at: frank@snortsam.net
Joel Esler
SOURCEfire |
|
Posted by bmeckle on October 03, 2005 04:36:21
I contacted Frank Knobbe [frank@snortsam.net], he told me to try a newer version of snort. So I got the latest version of snort and was able to get past this problem.
I ran into another problem when trying to patch the new version of snort on a Solaris 8 x86 box, though. The patch script didn't work. Apparently there is some diff statement used by the patch command and it could not link the proper files together and even if supplied the right files failed with errors.
To get around this problem Frank pointed me to the patched files on line at snortsams home site "http://www.snortsam.net/download.html#patch" I copied the patched files to the proper locations and was able to then run the aclocal, autoheader, automake, and autoconfig commands. After running those commands I could then run the configure (with options), make, and make install as usual. That seemed to fix the issues.
Thanks for the help
Bob |
|
Posted by Joel_Esler on October 04, 2005 06:33:10
No prob.
Joel Esler
SOURCEfire |
|
|
|
|
|
