Hello would you be willing to write a page on the ntop blog or update the readme file I have written for snort?
Regards Luca On Feb 12, 2010, at 4:07 PM, The Branches wrote: > Peter, > > I had a dickens of a time getting that one right but with some help along the > away I arrived at this method that works, at least on CentOS 5 platforms. > The process assumes you have checked out PF_RING to /opt/PF_RING. It also > assumes you are not doing any "make install" stuff of the "lib" or > "libpcap-1.0.0-ring" parts of the PF_RING package. This means we aren't > interfering with other apps that use libpcap but don't need PF_RING. > > If anyone has any improvements to offer on this method, I'm all ears. > I use a similar method to successfully build daemonlogger and argus against > PF_RING and am happy to share details upon request. > > Maybe we could put a Wiki page somewhere on how to build popular apps against > PF_RING? > > > Building snort against PF_RING > > cd /opt/PF_RING/userland > wget http://dl.snort.org/snort-current/snort-2.8.5.2.tar.gz > tar zxvf snort-2.8.5.2.tar.gz > cd snort-2.8.5.2 > > LD_LIBRARY_PATH=/opt/PF_RING/userland/libpcap-1.0.0-ring:/root/packages/PF_RING/userland/lib > > LD_RUN_PATH=/opt/PF_RING/userland/libpcap-1.0.0-ring:/opt/PF_RING/userland/lib > > export LD_LIBRARY_PATH > export LD_RUN_PATH > > ./configure --with-libpcap-includes=/opt/PF_RING/userland/libpcap-1.0.0-ring/ > \ > --with-libpcap-libraries=/opt/PF_RING/userland/libpcap-1.0.0-ring/ \ > --with-libpfring-includes=/opt/PF_RING/userland/lib \ > --with-libpfring-libraries=/opt/PF_RING/userland/lib \ > LDFLAGS="-L/opt/PF_RING/userland/lib > -L/opt/PF_RING/userland/libpcap-1.0.0-ring -lpfring -lpcap" > > make > make install > > > > On 2/12/2010 9:27 AM, Peter Bates wrote: >> >> Hello again all... >> >> Replying to my own message in this case. >> >> I do realize this is technically a Snort problem as I have a happy >> copy of tcpdump and pfcount and have also compiled another application >> (ipaudit) against pfring and the modified libpcap. >> >> I have updated from svn and am trying again, mostly following the >> instructions from ntop.org and PF_RING/userland/README.snort. >> >> I follow those instructions: >> >> Prerequisites >> # cd PF_RING/kernel >> # make >> # sudo make install >> >> I can see: >> Feb 12 10:46:07 netman3 kernel: [176840.220281] [PF_RING] Welcome to PF_RING >> 4.1.2 ($Revision: 4132$) >> and I have /proc/net/pf_ring. >> >> Snort >> # download snort source (e.g. into ~/Downloads/snort-2.8.5.1.tar.gz) >> # cd PF_RING/userland >> # tar xvfz ~/Downloads/snort-2.8.5.1.tar.gz >> # cd snort-2.8.5.1/ >> # ./configure --with-libpcap-includes=../libpcap-1.0.0-ring/ >> --with-libpcap-libr >> aries=../libpcap-1.0.0-ring/ -with-libpfring-includes=../lib >> --with-libpfring-li >> braries=../lib LDFLAGS="-lpfring -lpcap" >> # make >> >> Snort is 2.8.5.2 so I've downloaded that version. >> The configure line is missing a '-' in the libpfring-includes >> - but when I fix that, I get: >> >> checking for gcc... gcc >> checking for C compiler default output file name... >> configure: error: C compiler cannot create executables >> See `config.log' for more details. >> >> Which is because of: >> >> configure:2941: checking for C compiler default output file name >> configure:2968: gcc -lpfring -lpcap conftest.c >&5 >> /usr/bin/ld: cannot find -lpfring >> collect2: ld returned 1 exit status >> >> As I say, I realize this is more Snort failing to compile than anything to >> do with >> PF_RING but if anyone has done this recently I'd appreciate it you could >> help >> as to why I'm having problems with this - my next stop is to try on the >> Snort list. >> > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc --- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. - Brian W. Kernighan _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
