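1. Click the links to install the following software
2. Unpack the daq source package. Installing daq directly at this point fails because various dependencies are missing, so install the dependencies first: bison, flex, libpcap (for the installation steps, see my previous blog post)
3. Compile and install daq: enter the extracted folder and run ./configure
3. If the following error appears, download pcre-8.40.tar.gz (link), then extract, compile and install it: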
#./configure
#make
#make check
#make install
Original error text:
checking pcre.h usability… no
checking pcre.h presence… no
checking for pcre.h… no
ERROR! Libpcre header not found.
Get it from http://www.pcre.org
4. Go back to the daq directory and run ./configure again. If output like the following appears, the configuration succeeded:
- Build AFPacket DAQ module.. : yes
- Build Dump DAQ module...... : yes
- Build IPFW DAQ module...... : yes
- Build IPQ DAQ module....... : no
- Build NFQ DAQ module....... : no
- Build PCAP DAQ module...... : yes
- Build netmap DAQ module...... : no
5. Compile: sudo autoreconf -ivf (if autoreconf is missing, install it: sudo apt-get install autoconf automake libtool)
Install: sudo make
sudo make install
6. Enter the snort directory and first install the following packages: libdumbnet-dev, zlib1g-dev
sudo apt-get install libdumbnet-dev zlib1g-dev
./configure --enable-sourcefire
snort will be installed to the following directories:
snort: /usr/local/bin/snort /usr/local/lib/snort
8. Start snort
Running sudo snort reports an error:
/usr/local/nginx/sbin/nginx: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory
sudo find / -type f -name '*libpcre.so.*'
sudo ln -s /lib/libpcre.so.0.0.1 /lib/libpcre.so.1
9. Started successfully
- Running in packet dump mode
- --== Initializing Snort ==--
- Initializing Output Plugins!
- pcap DAQ configured to passive.
- Acquiring network traffic from "eno16777736".
- Decoding Ethernet
- --== Initialization Complete ==--
- ,,_ -*> Snort! <*-
- o" )~ Version 2.9.8.0 GRE (Build 229)
- '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
- Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
- Copyright (C) 1998-2013 Sourcefire, Inc., et al.
- Using libpcap version 1.7.4
- Using PCRE version: 8.35 2014-04-04
- Using ZLIB version: 1.2.8
- Commencing packet processing (pid=47760)
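
The DAQ ./configure summary in step 4 decides which capture modes snort can use later, so it is worth checking by script rather than by eye. The following is an added example, not part of the original post: the function names daq_module_state and daq_missing are hypothetical, and the sample summary is constructed from the output shown in step 4.

```shell
#!/bin/sh
# Constructed sample: the DAQ ./configure summary as shown in step 4.
DAQ_SUMMARY='- Build AFPacket DAQ module.. : yes
- Build Dump DAQ module...... : yes
- Build IPFW DAQ module...... : yes
- Build IPQ DAQ module....... : no
- Build NFQ DAQ module....... : no
- Build PCAP DAQ module...... : yes
- Build netmap DAQ module...... : no'

# daq_module_state SUMMARY MODULE -> prints "yes", "no" or "unknown".
# The module name is matched case-insensitively (pcap == PCAP).
daq_module_state() {
    printf '%s\n' "$1" | awk -v want="$2" '
        BEGIN { state = "unknown"; want = tolower(want) }
        /Build .* DAQ module/ {
            line = $0
            sub(/^.*Build +/, "", line)              # drop prefix and "Build"
            name = line; sub(/ +DAQ module.*$/, "", name)
            val = line;  sub(/^.*: */, "", val); sub(/[ \t\r]+$/, "", val)
            if (tolower(name) == want) state = val
        }
        END { print state }'
}

# daq_missing SUMMARY MODULE... -> prints the required modules that are not
# "yes" (space separated) and returns 1; prints nothing and returns 0 if all
# required modules were built.
daq_missing() {
    summary=$1; shift
    missing=""
    for m in "$@"; do
        [ "$(daq_module_state "$summary" "$m")" = "yes" ] || missing="$missing $m"
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# pcap is the module used in the startup output of step 9; nfq stands in here
# for a module that the summary reports as not built.
if ! not_built=$(daq_missing "$DAQ_SUMMARY" pcap nfq); then
    echo "DAQ modules not built: $not_built" >&2
fi
```

On a real build, save the output with ./configure 2>&1 | tee configure.log and pass "$(cat configure.log)" as the first argument instead of the constructed sample.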