1. Download all of the software listed at the URL below:

http://www.snort.org/start/requirements

 

  • Libpcap
  • PCRE
  • Libdnet
  • Barnyard2
  • DAQ

Note to Windows users: If you're downloading Snort binaries, the only requirements are WinPcap and Barnyard.

Libpcap

In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.

Monitoring software may use libpcap and/or WinPcap to capture packets traveling over a network. libpcap and WinPcap also support saving captured packets to a file and reading files containing saved packets. Snort uses these files to read network traffic and analyze it.

For more information and to download please visit tcpdump

PCRE

Perl Compatible Regular Expressions (PCRE) is a regular expression C library inspired by Perl’s external interface, written by Philip Hazel. The PCRE library is incorporated into a number of prominent open-source programs such as the Apache HTTP Server, the PHP and R scripting languages, and Snort.

For more information and to download please visit PCRE

Libdnet

Libdnet is a generic networking API that provides access to several protocols.

For more information and to download please visit libdnet

Barnyard2

Barnyard is an output system for Snort. Snort creates a special binary output format called "unified". Barnyard2 reads this file, and then resends the data to a database back-end. Unlike the database output plugin, Barnyard2 manages the sending of events to the database and stores them when the database temporarily cannot accept connections.

For more information and to download please visit barnyard2

DAQ

DAQ is the Data-Acquisition API that is necessary to use Snort version 2.9.0 and above.

For more information and to download please visit DAQ


2. If Apache, PHP, MySQL, Snort and ACID support is needed, the software listed above also has to be downloaded.

Reference: http://shenjianzhousx.blog.51cto.com/1627247/454480

3. During ./configure of Snort, the following error appears:

ERROR! Libpcap library version >= 1.0.0 not found.

Please refer to:

https://forums.snort.org/forums/snort-newbies/topics/libpcap-not-found

First, it is important to note that libpcap is found, just not a version that is >=1.0.0. Notice the message above the one you posted says "checking for pcap_lib_version" = "yes". Then the line you posted indicates a failure because libpcap is not recent enough:

checking for pcap_lib_version... checking for pcap_lib_version in -lpcap... yes
checking for libpcap version >= "1.0.0"... no

ERROR! Libpcap library version >= 1.0.0 not found. Get it from http://www.tcpdump.org

It appears libpcap-1.1.1.tar.gz installs the library into /usr/local/lib. I tried to force daq to use that library as mentioned in the link Quiltface provided, but it did not work. This led me to look for another version of libpcap which may be the one that daq is inspecting. I ended up finding another version which was much older:

root@xxxx:# locate libpcap
/usr/lib/libpcap.a
/usr/local/lib/libpcap.a

root@xxxx:# ls -l /usr/lib/libpcap.a
-rw-r--r-- 1 root root 228262 2008-04-08 22:19 /usr/lib/libpcap.a

root@xxxx:# ls -l /usr/local/lib/libpcap.a
-rw-r--r-- 1 root root 293658 2011-01-01 22:37 /usr/local/lib/libpcap.a

I copied the new one over the old one and daq compiled and installed without issue:

root@xxxx:# cp /usr/local/lib/libpcap.a /usr/lib/

checking for pcap_lib_version... checking for pcap_lib_version in -lpcap... yes
checking for libpcap version >= "1.0.0"... yes
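Before copying library files over each other, it helps to see which libpcap the toolchain will actually pick up and whether it passes the same test configure applies. The script below is an added example (not from the forum thread or the Snort project): it reproduces the "libpcap version >= 1.0.0" decision on the string that pcap_lib_version() returns, lists every libpcap.a / libpcap.so in the directories you name, and prints the --with-libpcap-libraries / --with-libpcap-includes options that the DAQ and Snort configure scripts accept for a directory holding a new-enough copy, so a distribution-managed /usr/lib/libpcap.a does not have to be overwritten. The version strings and directory names in the demo are constructed, and the header directory is assumed to be the include/ sibling of the library directory.

```shell
#!/bin/sh
# Added example, not part of the original page or of Snort/DAQ.
# Reproduces the "libpcap >= 1.0.0" decision that ./configure makes and helps
# pick the right library directory instead of copying .a files around.

# version_ge VERSION MIN: 0 if dotted VERSION >= dotted MIN (e.g. 1.1.1 >= 1.0.0)
version_ge() {
    v="$1.0.0" m="$2.0.0"          # pad so "1.1" compares like "1.1.0"
    for i in 1 2 3; do
        a=$(printf '%s\n' "$v" | cut -d. -f"$i")
        b=$(printf '%s\n' "$m" | cut -d. -f"$i")
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
    done
    return 0
}

# pcap_version_string_ok STRING [MIN]: STRING is what pcap_lib_version() returns,
# e.g. "libpcap version 1.1.1"; 0 if the embedded version is >= MIN (default 1.0.0)
pcap_version_string_ok() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^libpcap version \([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || return 1      # not a libpcap version string at all
    version_ge "$ver" "${2:-1.0.0}"
}

# find_libpcap DIR...: print every libpcap.a / libpcap.so* found in DIR..., one per line
find_libpcap() {
    for d in "$@"; do
        for f in "$d"/libpcap.a "$d"/libpcap.so "$d"/libpcap.so.*; do
            if [ -e "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
    return 0
}

# configure_flags LIBDIR: options that point DAQ's and Snort's ./configure at LIBDIR,
# assuming (our assumption) the headers live in the sibling include/ directory
configure_flags() {
    prefix=$(dirname "$1")
    printf '%s %s\n' "--with-libpcap-libraries=$1" "--with-libpcap-includes=$prefix/include"
}

# Demo with constructed values: the two strings mimic pcap_lib_version() output
# from an old /usr/lib copy and from a freshly built /usr/local/lib copy.
for s in "libpcap version 0.9.8" "libpcap version 1.1.1"; do
    if pcap_version_string_ok "$s"; then
        echo "ok:  $s"
    else
        echo "old: $s  (configure would print: libpcap version >= \"1.0.0\"... no)"
    fi
done
echo "libpcap copies on this host:"
find_libpcap /usr/lib /usr/local/lib /usr/lib64
echo "configure options for a 1.x copy installed under /usr/local:"
configure_flags /usr/local/lib
```

When two copies show up, as in the thread above, run the configure options printed for the newer directory rather than copying the newer libpcap.a over the older one; that keeps the package-managed file intact and makes the choice explicit in the build log.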

4. While running Snort, errors about rules not being found appear: add the rule files, or comment the rule lines out with "#".

For other errors please refer to: http://www.2cto.com/Article/201008/54546.html

I. Three problems that appeared when running # snort -c /usr/local/snort/etc/snort.conf:
1.
ERROR: parser.c(5047) Could not stat dynamic module path "/usr/local/lib/snort_dynamicengine/libsf_engine.so": No such file or directory.

Fatal Error, Quitting..
Cause: the directory containing /usr/local/lib/snort_dynamicengine/libsf_engine.so was not found.
Solution: create a symbolic link under /usr/local/lib to the snort_dynamicpreprocessor directory inside the lib directory of the Snort installation.
e.g.: ln -s /usr/local/snort/lib/snort_dynamicpreprocessor /usr/local/lib/snort_dynamicpreprocessor

2.
ERROR: parser.c(5047) Could not stat dynamic module path "/usr/local/lib/snort_dynamicengine/libsf_engine.so": No such file or directory.

Fatal Error, Quitting..
Cause: the directory containing /usr/local/lib/snort_dynamicengine/libsf_engine.so was not found.
Solution: create a symbolic link under /usr/local/lib to the snort_dynamicengine directory inside the lib directory of the Snort installation.
e.g.: ln -s /usr/local/snort/lib/snort_dynamicengine /usr/local/lib/snort_dynamicengine

3.
ERROR: parser.c(5047) Could not stat dynamic module path "/usr/local/lib/snort_dynamicrules/bad-traffic.so": No such file or directory.

Fatal Error, Quitting..
Cause: the directory containing /usr/local/lib/snort_dynamicrules/bad-traffic.so was not found.
Solution: create a symbolic link under /usr/local/lib to the so_rules/precompiled/Centos-5-4/i386/2.8.6.0 directory of the Snort installation.
e.g.: ln -s /usr/local/snort/so_rules/precompiled/Centos-5-4/i386/2.8.6.0 /usr/local/lib/snort_dynamicrules
(Choose the operating system version and CPU type that match your actual system.)
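The three errors above have the same shape: snort.conf names a dynamic-module path under /usr/local/lib that does not exist. The script below is an added example (not from the quoted article or the Snort project) that reads the dynamicengine, dynamicpreprocessor and dynamicdetection directives out of a snort.conf, reports every referenced path that is missing before Snort is started, and prints an ln -s command in the form used above for each one, assuming the real directory sits under <install prefix>/lib with the same name (for dynamicdetection the article links a precompiled so_rules directory instead, so that line needs the platform-specific source path substituted by hand). The snort.conf it parses in the demo is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not part of the original page or of Snort.
# Pre-flight check for "Could not stat dynamic module path": find the
# dynamic-module directives in snort.conf and test whether each path exists.

# snort_dynamic_paths CONF: print "directive path" for every dynamicengine,
# dynamicpreprocessor directory|file and dynamicdetection directory|file line
snort_dynamic_paths() {
    awk '
        /^[[:space:]]*#/ { next }                      # skip comment lines
        $1 == "dynamicengine"                 { print $1, $2; next }
        ($1 == "dynamicpreprocessor" || $1 == "dynamicdetection") &&
        ($2 == "directory" || $2 == "file")   { print $1, $3 }
    ' "$1"
}

# missing_snort_dynamic_paths CONF: print each referenced path that does not exist
missing_snort_dynamic_paths() {
    snort_dynamic_paths "$1" | while read -r directive path; do
        if [ ! -e "$path" ]; then printf '%s\n' "$path"; fi
    done
}

# check_snort_dynamic_paths CONF: 0 when every path exists, 1 otherwise
check_snort_dynamic_paths() {
    [ -z "$(missing_snort_dynamic_paths "$1")" ]
}

# suggest_links PREFIX CONF: for each missing path, print the symlink command in
# the form used on this page, assuming PREFIX/lib holds a directory of the same name
suggest_links() {
    prefix="$1"
    missing_snort_dynamic_paths "$2" | while read -r path; do
        case "$path" in
            *.so) dir=$(dirname "$path") ;;   # dynamicengine names the .so itself
            *)    dir="${path%/}" ;;          # directory directive, drop trailing /
        esac
        printf 'ln -s %s/lib/%s %s\n' "$prefix" "$(basename "$dir")" "$dir"
    done
}

# Demo on a constructed snort.conf in a temp directory: the preprocessor
# directory exists, the engine and rules paths do not (mirrors problems 1-3).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/usr/local/lib/snort_dynamicpreprocessor"
cat > "$demo_dir/snort.conf" <<EOF
# constructed excerpt of snort.conf
dynamicpreprocessor directory $demo_dir/usr/local/lib/snort_dynamicpreprocessor/
dynamicengine $demo_dir/usr/local/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory $demo_dir/usr/local/lib/snort_dynamicrules
EOF
if check_snort_dynamic_paths "$demo_dir/snort.conf"; then
    echo "all dynamic module paths exist"
else
    echo "missing:"
    missing_snort_dynamic_paths "$demo_dir/snort.conf"
    echo "suggested fixes (install prefix assumed to be /usr/local/snort):"
    suggest_links /usr/local/snort "$demo_dir/snort.conf"
fi
rm -rf "$demo_dir"
```

Run check_snort_dynamic_paths against the real snort.conf before starting Snort; it fails closed on the first absent path, so the same check can sit in a deployment script and stop a restart that would otherwise end in "Fatal Error, Quitting..".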

II. During compiling and installing Snort, the following message appears:
ERROR: /usr/local/snort/etc/snort.conf(193) => Invalid keyword compress_depth for global configuration.
Cause: --enable-zlib was not given at compile time.
Solution: remove everything left from the previous Snort build and installation, then compile and install again, passing the --enable-zlib option to configure.
Note: I tried recompiling over the existing installation (with --enable-zlib) and it did not succeed; I don't know whether the old Snort files must be cleared out first or whether it was just bad luck.

III. During the BASE web setup the following message appears:
Your PHP Logging Level is too high to handle the running of BASE!
Please set the error_reporting variable to at least E_ALL & ~E_NOTICE in your php.ini!
The directory where BASE is installed does not allow the web server to write.
This will prevent the setup program from creating the base_conf.php file. You have two choices.
1. Make the directory writeable for the web server user.
2. When the set up is done, copy the information displayed to the screen and use it to create a base_conf.php.

Causes:
0. The PHP logging level is too high for running BASE.
1. Snort's web directory is not writable;
2. The parameters in base_conf.php are wrong.
Solutions:
0. Edit php.ini, find error_reporting and change it to: error_reporting = E_ALL & ~E_NOTICE
1. Change the permissions of Snort's web directory to 757 or 777.
2. Set the relevant parameters (Snort database name, user name, password, database type, database location, etc.) in the base_conf.php file.

IV. Not Using PCAP_FRAMES
Solution:
# export PCAP_FRAMES="Foo Bar This setting has no impact on my libpcap instance"
(This changes the user's environment variable. Source of the fix: http://leonward.wordpress.com/2008/07/18/not-using-pcap_frames-aka-when-good-verbosity-goes-bad/)

V. ERROR: The php session does not contain the array key "adodbpath". This is typically caused by not having allowed cookies. Exiting.
Cause: ???
Solution: ???

I haven't figured this one out myself either; still to be investigated.

VI. On the BASE web page the following appears:
Check your Pear::Image_Graph installation!

    * Image_Graph can be found at http://pear.veggerby.dk/. Without this library no graphing operations can be performed.
    * Make sure PEAR libraries can be found by php at all:

      pear config-show | grep "PEAR directory"
      PEAR directory      php_dir     /usr/share/pear

      This path must be part of the include path of php (cf. /etc/php.ini):

      php -i | grep "include_path"
      include_path => .:/usr/share/pear:/usr/share/php => .:/usr/share/pear:/usr/share/php

Cause: BASE needs the graphing plugin Image_Graph, and Image_Graph is not installed.
Solution: download Image_Canvas and Image_Graph from http://pear.veggerby.dk/ and install them, or run the following commands directly to have the system download and install them:
# pear install Image_Canvas-0.3.2
downloading Image_Canvas-0.3.2.tgz ...
Starting to download Image_Canvas-0.3.2.tgz (54,698 bytes)
.............done: 54,698 bytes
downloading Image_Color-1.0.4.tgz ...
Starting to download Image_Color-1.0.4.tgz (9,501 bytes)
...done: 9,501 bytes
install ok: channel://pear.php.net/Image_Color-1.0.4
install ok: channel://pear.php.net/Image_Canvas-0.3.2

# pear install Image_Graph-0.7.2
Did not download dependencies: pear/Numbers_Roman, pear/Numbers_Words, use --alldeps or --onlyreqdeps to download automatically
pear/Image_Graph can optionally use package "pear/Numbers_Roman"
pear/Image_Graph can optionally use package "pear/Numbers_Words"
downloading Image_Graph-0.7.2.tgz ...
Starting to download Image_Graph-0.7.2.tgz (368,056 bytes)
.....................................done: 368,056 bytes
install ok: channel://pear.php.net/Image_Graph-0.7.2
(Note: the php-pear component must be installed beforehand!)

5. ERROR: snort.conf(387) => Unable to open the IIS Unicode Map file './unicode.map'.

Find unicode.map and copy it to the directory named in the error message.

6. For other problems, please Google. Good luck!!!!