Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] [Snortsam-discussion] HELP: setting upSnortSamrunsSnor

from [Rachmat Hidayat Al-Anshar] Network Security [Permanent Link]
Subject: Re: [Snort-users] [Snortsam-discussion] HELP: setting upSnortSamrunsSnort-2.8.0+BASE+Barnyard
Date: Fri, 9 Nov 2007 19:43:18 -0800 (PST) 
How is it Matt? 
How about SnortSam plugin for Snort-2.8.0, is it already patched correctly?

Now i'm use SnortSam prepatched (precompiled?!) snort-snortsam-2.7.0.tar.gz 
from snortsam.net package.
Is it any problem with this?
Any configuration that i've to add when compiling snort (to add the SnortSam 
functionality)?

----- Original Message ----
From: Matt Jonkman <jonkman@jonkmans.com>
To: snortsam-discussion@snortsam.net
Cc: Joel Esler <joel.esler@sourcefire.com>; Snort-users@lists.sourceforge.net
Sent: Thursday, November 8, 2007 11:32:07 AM
Subject: Re: [Snortsam-discussion] [Snort-users] HELP: setting 
upSnortSamrunsSnort-2.8.0+BASE+Barnyard

It does not yet. It's not been modified for 2.8 correctly yet.

I'll announce as soon as it is...

Matt

Anthony Rodgers wrote:

The patch is supposed to supply a patched call to RegisterPlugin() -

 if

it doesn't, I'd like to know......

CP 

-----Original Message-----
From: snortsam-discussion-bounces@snortsam.net
[mailto:snortsam-discussion-bounces@snortsam.net] On Behalf Of Will
Metcalf
Sent: Saturday, November 03, 2007 6:46 AM
To: Joel Esler
Cc: Snort-users@lists.sourceforge.net;

 snortsam-discussion@snortsam.net

Subject: Re: [Snortsam-discussion] [Snort-users] HELP: setting
upSnortSamrunsSnort-2.8.0+BASE+Barnyard

It appears as if the patch is broken.  It looks like RegisterPlugin
requires an OptType in 2.8 and whoever updated the patch did not

 specify

one.  so In spo_alert_fwsam.c

RegisterPlugin("fwsam", AlertFWsamOptionInit);

Needs to be something like....

RegisterPlugin("fwsam", AlertFWsamOptionInit,OPT_TYPE_ACTION);

here are the opt types you can specify.  I'm not sure which does

 what,

maybe Joel can clarify the correct one to use.  Need to go pack now,
getting ready for an 11 hour flight ;-)...

        OPT_TYPE_ACTION = 0,
        OPT_TYPE_LOGGING,
        OPT_TYPE_DETECTION,
        OPT_TYPE_MAX

Regards,

Will
On 11/3/07, Joel Esler <joel.esler@sourcefire.com> wrote:

What version of Snort are you running?
Is SnortSAM compatible with that version?

Did you notice you typed "--with-ysql-libraries" instead of 
"--with-mysql-libraries".

In addition to that, I recommend you do NOT have Snort log directly

 to



the DB, instead, use Snort to log to unified, then have a separate 
tool named "barnyard" to insert the unified files into the DB.

J



On Nov 3, 2007, at 1:49 AM, Rachmat Hidayat Al-Anshar wrote:


All right then,
I've been trying to going through this process with ignoring the 
warning message produced by aclocal.
The proccess continued

# autoheader
# automake -add-missing
# autoconf
#./configure --enable-dynamicplugin
--with-mysql-includes=/usr/include/mysql
--with-ysql-libraries=/usr/lib

and suddenly...

spo_alert_fwsam.c: In function 'AlertFWsamSetup':
spo_alert_fwsam.c:143: warning: passing arg 3 of 
'RegisterOutputPlugin' from incompatible pointer type
spo_alert_fwsam.c:144: error: too few arguments to function

'RegisterPlugin'

spo_alert_fwsam.c: In function 'AlertFWsam':
spo_alert_fwsam.c:905: warning: passing arg 2 of 'TwoFishEncrypt'

 from



incompatible pointer type
spo_alert_fwsam.c:940: warning: passing arg 2 of 'TwoFishDecrypt'

 from



incompatible pointer type
spo_alert_fwsam.c:946: warning: passing arg 2 of 'TwoFishDecrypt'

 from



incompatible pointer type
spo_alert_fwsam.c:979: warning: passing arg 2 of 'TwoFishDecrypt'

 from



incompatible pointer type
spo_alert_fwsam.c:985: warning: passing arg 2 of 'TwoFishDecrypt'

 from



incompatible pointer type
spo_alert_fwsam.c: In function 'FWsamCheckOut':
spo_alert_fwsam.c:1141: warning: passing arg 2 of 'TwoFishEncrypt' 
from incompatible pointer type
spo_alert_fwsam.c:1157: warning: passing arg 2 of 'TwoFishDecrypt' 
from incompatible pointer type
spo_alert_fwsam.c:1163: warning: passing arg 2 of 'TwoFishDecrypt' 
from incompatible pointer type
spo_alert_fwsam.c: In function 'FWsamCheckIn':
spo_alert_fwsam.c:1274: warning: passing arg 2 of 'TwoFishEncrypt' 
from incompatible pointer type
spo_alert_fwsam.c:1293: warning: passing arg 2 of 'TwoFishDecrypt' 
from incompatible pointer type
make[3]: *** [spo_alert_fwsam.o] Error 1
make[3]: Leaving directory

'/research/snort/snort-2.8.0/src/output-plugins'

make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/research/snort/snort-2.8.0/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/research/snort/snort-2.8.0'
make: *** [all] Error 2

What's wrong with snort?!
How to solve this?

Any response will be appreciated
Thanks
(^^!) Mat

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com


 ----------------------------------------------------------------------

--- This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a

browser.

Download your FREE copy of Splunk now >> 


 http://get.splunk.com/_______________________________________________

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



 ----------------------------------------------------------------------

--- This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a

browser.

Download your FREE copy of Splunk now >> http://get.splunk.com/ 
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snortsam-discussion mailing list
Snortsam-discussion@snortsam.net
http://lists.snortsam.net/mailman/listinfo/snortsam-discussion
_______________________________________________
Snortsam-discussion mailing list
Snortsam-discussion@snortsam.net
http://lists.snortsam.net/mailman/listinfo/snortsam-discussion


-- 
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Phone 61-42-4157-491
AUS Fax 61-29-4750-026
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc


_______________________________________________
Snortsam-discussion mailing list
Snortsam-discussion@snortsam.net
http://lists.snortsam.net/mailman/listinfo/snortsam-discussion





__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: [Snort-users] [Snortsam-discussion] HELP: setting upSnortSamrunsSnort-2.8.0+BASE+Barnyard, Rachmat Hidayat Al-Anshar <=
Previous by Date:  [Snort-users] (no subject), Rachmat Hidayat Al-Anshar
Next by Date:  [Snort-users] HELP: "Segmentation Fault" as result of wwwboard passwd.txt attack, Rachmat Hidayat Al-Anshar
Previous by Thread:  [Snort-users] (no subject), Rachmat Hidayat Al-Anshar
Next by Thread:  [Snort-users] HELP: "Segmentation Fault" as result of wwwboard passwd.txt attack, Rachmat Hidayat Al-Anshar
Indexes:  [Date] [Thread] [Top] [All Lists]