[Snort-users] RE: Help please: libpcre.so.0: cannot open shared...
This is a discussion on [Snort-users] RE: Help please: libpcre.so.0: cannot open shared... within the Snort forums, part of the System Security and Security Related category; Hello, I had the same problem on a Solaris 8 box. After installing pcre, it = works. Lorenz Graf Message: 3 ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-06-2004
|
|||
|
|||
[Snort-users] RE: Help please: libpcre.so.0: cannot open shared...
Hello,
I had the same problem on a Solaris 8 box. After installing pcre, it = works. Lorenz Graf Message: 3 From: "Corey Rock" <snort_sigs@hotmail.com> To: dwad24@excite.com, snort-users@lists.sourceforge.net Subject: RE: [Snort-users] Help please: libpcre.so.0: cannot open = shared... Date: Sat, 05 Jun 2004 17:10:16 +0000 Is this installed? pcre - Perl-compatible regular expression library >From: "David" <dwad24@excite.com> >Reply-To: dwad24@excite.com >To: snort-users@lists.sourceforge.net >Subject: RE: [Snort-users] Help please: libpcre.so.0: cannot open = shared... >Date: Fri, 4 Jun 2004 14:10:51 -0400 (EDT) > > Hey Gustavo,This may be a wild shot in the dark, but what is your=20 >environment variable $LD_LIBRARY_PATH set to? You can check by doing = this: =20 >echo $LD_LIBRARY_PATH If this comes up blank, or if the path to your=20 >libpcre.so.0 isn't there, you may need to add the path to your = libpcre.so.0=20 >library to that variable. For example: If your libpcre.so.0 resides in = >/usr/local/lib, you will need to add /usr/local/lib to that variable by = >doing thisin=20 >sh/bash/ksh:LD_LIBRARY_PATH=3D/usr/local/lib:$LD_LIBRARY_PATHexport=20 >LD_LIBRARY_PATHand in csh/tcsh (my syntax may be wrong); set=20 >LD_LIBRARY_PATH /usr/local/lib:$LD_LIBRARY_PATH If none of this is the=20 >case, make sure that permissions are ok, and make sure that if = libpcre.so.0=20 >is a symlink, that the file it is linked to exists as well. HTH, = Dave---=20 >On Fri 06/04, Gustavo Gomes < gustavo@auge.com.br > wrote:From:=20 >Gustavo Gomes [mailto: gustavo@auge.com.br]To:=20 >snort-users@lists.sourceforge.netDate: Fri, 4 Jun 2004 14:28:10=20 >-0300Subject: [Snort-users] Help please: libpcre.so.0: cannot open=20 >shared... > > > > > > > >Hello people, I=B4ve just finished to install snort in a PC and I got = an=20 >error when I tryed to start snort: "/etc/init.d/snort start = =20 > = =20 > Starting Intrusion Database System: SNORT/usr/local/bin/snort: = error=20 >while loading shared libraries: libpcre.so.0: cannot open shared object = >file: No such file or directory " Can anyone help me to fix this error? = >I=B4ve scanned the google and archive list of users and development in=20 >snort.org but I=B4ve not found nothing! > >_______________________________________________ >Join Excite! - http://www.excite.com >The most personalized portal on the Web! __________________________________________________ _______________ Watch the online reality show Mixed Messages with a friend and enter to = win=20 a trip to NY=20 http://www.msnmessenger-download.cli...7ave/direct/0= 1/ --__--__-- Message: 4 To: snort-users@lists.sourceforge.net Date: Sat, 05 Jun 2004 19:27:49 +0200 From: Primero <primero@fastwebnet.it> Subject: [Snort-users] Multiple Snort sensor with MYSQL and ACID Hi all, I'm setting Snort for the first time and i have to say ... cool:) I would like to have 2 sensors on 2 different point of my lan. i was =20 wondering how can i make the 2 sensor log to the same Mysql DB and how = to =20 differentiate beetween them. In Acid I see a Column called "Sensor" with the value "1" indicating my = only one Sensor now active. How can i change this value giving him a more explainy name ? (like =20 Snort_External) Will Acid recognize more Sensors? Bye --=20 Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ --__--__-- Message: 5 To: snort-users@lists.sourceforge.net From: Primero <primero@fastwebnet.it> Date: Sat, 05 Jun 2004 19:36:27 +0200 Subject: [Snort-users] Multiple Snort sensor with MYSQL and ACID Hi all, I'm setting Snort for the first time and i have to say ... cool:) I would like to have 2 sensors on 2 different point of my lan. i was wondering how can i make the 2 sensor log to the same Mysql DB and how = to differentiate beetween them. In Acid I see a Column called "Sensor" with the value "1" indicating my only one Sensor now active. How can i change this value giving him a more explainy name ? (like Snort_External) Will Acid recognize more Sensors? Bye --=20 Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ --__--__-- Message: 6 Date: Sat, 5 Jun 2004 10:46:19 -0700 From: Mike Cohen <mike.cohen@gmail.com> Reply-To: mike@antropyinc.com To: snort-users@lists.sourceforge.net Subject: [Snort-users] (no subject) Hello ,=20 Im new to snort, and Im trying to create a snort box that runs as a non root user. I have a user snort which is in the group snort_group. I have given the snort_group ownership to the /var/log/snort=20 directory and the /etc/snort directory. whenever I try to start snort as any non root user I get the following. If I use root, or sudo I can start the program fine. Im guessing I need access to the eth0 interface or some particular file or directory somehwere that is associated with starting sniffing on eth0 Can someone help me with this? Suse 9 Snort 2.12 snort@Myserver:/etc/snort> snort -c /etc/snort/snort.conf -i eth0 -u snort -g snort_group Running in IDS mode Log directory =3D /var/log/snort Initializing Network Interface eth0 ERROR: OpenPcap() device eth0 open:=20 socket: Operation not permitted Fatal Error, Quitting.. any help is appreciated. M.C. --__--__-- Message: 7 Date: Sat, 5 Jun 2004 14:47:59 -0300 (ART) From: =3D?iso-8859-1?q?Snort=3D20IDS?=3D <seguranca_snort@yahoo.com.br> To: snort-users@lists.sourceforge.net Subject: [Snort-users] PHP complaint about GD First of all, reconpile PHP, in my case i compiled PHP, using these comands, the directories are up to you : "./configure=3D--prefix=3D/usr/local/ids/php --with-apxs2=3D/usr/local/ids/apache/apxs --with-config-file-path=3D/usr/local/ids/php --with-zlib-dir=3D/usr/local/ids/zlib --with-mysql=3D/usr/local/ids/mysql=20 --with-gd Please, let me know if it has worked "Snort, MySQL, Apache e Acid" yhe first guide in Portuguese __________________________________________________ ____________________ Yahoo! Messenger - Fale com seus amigos online. Instale agora!=20 http://br.download.yahoo.com/messenger/ --__--__-- Message: 8 To: snort-users@lists.sourceforge.net Date: Sat, 05 Jun 2004 21:16:52 +0200 From: Primero <primero@fastwebnet.it> Subject: [Snort-users] toll for snort rules management Hi all. What tool do you use to configure you snort rules? The only one i found is snortcenter ... is really the only one? bye --=20 Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ --__--__-- Message: 9 From: "Jeff Dell" <jdell@activeworx.com> To: "'Primero'" <primero@fastwebnet.it>, <snort-users@lists.sourceforge.net> Subject: RE: [Snort-users] toll for snort rules management Date: Sat, 5 Jun 2004 15:42:48 -0400 If you have a Windows 2000/XP management station you can also try IDS = Policy Manager at www.activeworx.org. It will SCP/FTP the policies to any OS sensor. Cheers, Jeff=20 -----Original Message----- From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Primero Sent: Saturday, June 05, 2004 3:17 PM To: snort-users@lists.sourceforge.net Subject: [Snort-users] toll for snort rules management Hi all. What tool do you use to configure you snort rules? The only one i found is snortcenter ... is really the only one? bye --=20 Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...=3Dsnort-users --__--__-- Message: 10 From: "Jeff Dell" <jdell@activeworx.com> To: "'Primero'" <primero@fastwebnet.it>, <snort-users@lists.sourceforge.net> Subject: RE: [Snort-users] Multiple Snort sensor with MYSQL and ACID Date: Sat, 5 Jun 2004 15:46:01 -0400 In the database output module setting add sensor_name=3DSnort_External. = You can also check out the following link for all of the database settings: http://www.snort.org/docs/snort_manual/node20.html Here is an example: output database: log, mysql, user=3Droot password=3Dtest dbname=3Ddb host=3Dlocalhost sensor_name=3DSnort_External Cheers, Jeff =20 -----Original Message----- From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Primero Sent: Saturday, June 05, 2004 1:28 PM To: snort-users@lists.sourceforge.net Subject: [Snort-users] Multiple Snort sensor with MYSQL and ACID Hi all, I'm setting Snort for the first time and i have to say ... cool:) I would like to have 2 sensors on 2 different point of my lan. i was =20 wondering how can i make the 2 sensor log to the same Mysql DB and how = to =20 differentiate beetween them. In Acid I see a Column called "Sensor" with the value "1" indicating my = only one Sensor now active. How can i change this value giving him a more explainy name ? (like =20 Snort_External) Will Acid recognize more Sensors? Bye --=20 Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...=3Dsnort-users --__--__-- Message: 11 Subject: RE: [Snort-users] Multiple Snort sensor with MYSQL and ACID Date: Sat, 5 Jun 2004 17:27:48 -0400 From: "Gould, Scott" <sgould@gogstats.org> To: <snort-users@lists.sourceforge.net> I also found I had to manually go into the db and add the extra sensors with a different SID to the sensor table when I ran a similar setup. If you end up using barnyard, just reference the sensor by it's SID in the sensor table=3D20 I don't run this setup anymore, due to getting up to 7 sensors and the DB couldn't handle it. Wasn't getting packet loss, as was using barnyard, juts DB got slow at around half a million entries. -----Original Message----- From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Jeff Dell Sent: Saturday, June 05, 2004 3:46 PM To: 'Primero'; snort-users@lists.sourceforge.net Subject: RE: [Snort-users] Multiple Snort sensor with MYSQL and ACID In the database output module setting add = sensor_name=3D3DSnort_External. You can also check out the following link for all of the database settings: http://www.snort.org/docs/snort_manual/node20.html Here is an example: output database: log, mysql, user=3D3Droot password=3D3Dtest = dbname=3D3Ddb host=3D3Dlocalhost sensor_name=3D3DSnort_External Cheers, Jeff =3D20 -----Original Message----- From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Primero Sent: Saturday, June 05, 2004 1:28 PM To: snort-users@lists.sourceforge.net Subject: [Snort-users] Multiple Snort sensor with MYSQL and ACID Hi all, I'm setting Snort for the first time and i have to say ... cool:) I would like to have 2 sensors on 2 different point of my lan. i was = =3D20 wondering how can i make the 2 sensor log to the same Mysql DB and how to =3D20 differentiate beetween them. In Acid I see a Column called "Sensor" with the value "1" indicating my only one Sensor now active. How can i change this value giving him a more explainy name ? (like = =3D20 Snort_External) Will Acid recognize more Sensors? Bye --=3D20 Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...D3Dsnort-users ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...D3Dsnort-users --__--__-- _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net https://lists.sourceforge.net/lists/...fo/snort-users End of Snort-users Digest ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
