Inliniac » Snortsam http://www.inliniac.net/blog Everything inline. Wed, 11 Jan 2012 19:09:17 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 New Snortsam patch for Snort 2.8.0.1 http://www.inliniac.net/blog/2008/01/08/new-snortsam-patch-for-snort-2801.html http://www.inliniac.net/blog/2008/01/08/new-snortsam-patch-for-snort-2801.html#comments Tue, 08 Jan 2008 12:30:53 +0000 Victor Julien http://www.inliniac.net/blog/2008/01/08/new-snortsam-patch-for-snort-2801.html Matt Jonkman of Emerging Threats asked me to have a look at the existing Snortsam 2.8.0.1 patch as people were continuing to report problems with it. I updated it to compile without compiler warnings, build cleanly with debugging enabled, build cleanly with Snort’s IPv6 support enabled and added a check so it won’t act on alerts in IPv6 packets since the Snortsam framework does not support IPv6. Finally I removed the patch script so it’s provided as a ‘normal’ diff. Here is the patch: http://www.inliniac.net/files/snortsam-2.8.0.1.diff

Here are the instructions for getting your Snort 2.8.0.1 source patched:

Make sure you have a clean Snort 2.8.0.1 tree, then patch it:

cd snort-2.8.0.1
patch -p1 < ../snortsam-2.8.0.1.diff

Next, run ‘autojunk.sh’ to update the build system (you need to have libtoolize, aclocal, autoheader, autoconf and automake installed). After this, configure and build Snort normally:

./configure <your configure options>
make
make install

Thats it.

Thanks to Matt Jonkman of Emerging Threats for paying me to do this and CunningPike for doing the first iterations of the patch!

]]> http://www.inliniac.net/blog/2008/01/08/new-snortsam-patch-for-snort-2801.html/feed 2