Was able to get snort to install after messing with PKGBUILD.
Accidentally deleted my comment too :(
Search Criteria
Package Details: snort 3.5.0.0-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/snort.git (read-only, click to copy) |
|---|---|
| Package Base: | snort |
| Description: | A lightweight network IDS /IPS with OpenAppID support. |
| Upstream URL: | https://www.snort.org |
| Licenses: | GPL |
| Submitter: | Snowman |
| Maintainer: | robertfoster |
| Last Packager: | robertfoster |
| Votes: | 65 |
| Popularity: | 0.035856 |
| First Submitted: | 2012-11-16 17:33 (UTC) |
| Last Updated: | 2024-10-30 11:32 (UTC) |
Dependencies (17)
- gperftools (gperftools-gitAUR)
- hwloc
- hyperscan (hyperscan-gitAUR)
- libdaqAUR (libdaq-staticAUR)
- libdnet (libdnet-gitAUR)
- libmnl (libmnl-gitAUR)
- libpcap (libpcap-gitAUR)
- libunwind (libunwind-carbonAUR, libunwind-gitAUR)
- luajit (luajit-2.1-lua52-gitAUR, luajit-gitAUR, luajit-openrestyAUR)
- lz4 (lz4-gitAUR)
- openssl (openssl-gitAUR, openssl-staticAUR)
- pcre
- pulledporkAUR
- xz (xz-gitAUR)
- zlib (zlib-ng-compat-gitAUR, zlib-gitAUR, zlib-ng-compatAUR, zlib-ng-compat)
- cmake (cmake-gitAUR) (make)
- pkgconf (pkgconf-gitAUR) (make)
Required by (5)
- barnyard2 (optional)
- oinkmaster
- pulledpork (optional)
- sguil-sensor (optional)
- snort3-extra
Sources (8)
vigilantehobo commented on 2021-12-03 03:01 (UTC)
Haxx commented on 2021-08-02 15:27 (UTC) (edited on 2021-08-02 15:30 (UTC) by Haxx)
Hi,
I have installed snort3 as provided by the AUR package:
""" :~$ snort -V
,,_ -> Snort++ <- o" )~ Version 3.1.6.0 '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using DAQ version 3.0.4 Using LuaJIT version 2.1.5 Using OpenSSL 1.1.1f 25 Mar 2021 Using libpcap version 1.9.1 (with TPACKET_V3) Using PCRE version 8.45 2021-06-15 Using ZLIB version 1.2.11 Using FlatBuffers 2.0.0 Using Hyperscan version 5.4.0 2021-01-13 Using LZMA version 5.2.5 """ So far so good but when I test the defaul configuration file: """ $ snort -c /etc/snort/snort.lua
The long output ends up with:
Finished /etc/snort/snort.lua:
ERROR: Could not find requested DAQ module: pcap
FATAL: see prior 1 erros (0 warnings) Fatal Erro, Quitting.. """ instead of: """ Snort successfully validated the configuration (with 0 warnings). o")~ Snort exiting """
The same issue has been reported on Ubuntu 20.04 as well
Please advise,
amish commented on 2021-07-02 04:51 (UTC)
@akeller - actually message is wrong. You have to edit this file. /etc/snort/homenet.conf and NOT snort.lua
In most cases you do not need to edit homenet.conf if using private addresses.
akeller commented on 2021-07-02 03:12 (UTC) (edited on 2021-07-02 03:13 (UTC) by akeller)
pulledpork also probably shouldn't be a requirement since the rules are incompatible with snort3. The requirement should be removed or replaced with pulledpork3
edit: I'm completely new to snort and could be wrong about the compatibility. But that seems to be the case.
akeller commented on 2021-07-02 02:22 (UTC)
The install gives this message:
You have to edit the HOME_NET variable in the /etc/snort/snort.conf file to reflect your local network.
but it seems that the conf file is now /etc/snort/snort.lua
robertfoster commented on 2021-06-10 11:31 (UTC) (edited on 2021-06-10 11:32 (UTC) by robertfoster)
@amish you're totally right, apologies. I added your username as contributor
hemitheconyx commented on 2021-06-06 09:21 (UTC)
Is there a reason for !makeflags to be in the options of the PKGBUILD ?
I built without it (meaning I built with my MAKEFLAGS, set to -j8) and it worked fine.
amish commented on 2021-06-06 01:57 (UTC) (edited on 2021-06-06 03:26 (UTC) by amish)
Hi robertfoster. You copied everything from my AUR package. Snort-nfqueue.
That is fine. But you didn't mention my name anywhere. i.e. you gave me no credits for studying snort 3 and putting lots of hardwork in configuring it etc.
Thats very bad.
Pinned Comments