[Honeywall] Snort Update

JEFFREY S STEWART jss1124 at esu.edu
Thu Aug 6 12:22:23 EDT 2009


I had been starting to get the hint of this throughout the patching process, but wasn't certain.  I figured it was just safer to go with patching it all instead, of trying to reduce.  Thanks for the correction.


-----Original Message-----
From: honeywall-bounces at public.honeynet.org on behalf of MutziMan
Sent: Thu 8/6/2009 12:21 PM
To: Mailing list for users and developers of the Honeywall
Subject: Re: [Honeywall] Snort Update
Hey Jeffrey,

As i mentioned in another posting I was also working on getting snort 2.8 up
and running on honeywall. Had some other stuff to do and I hope this
solution is not just working for me.

I hope you are aware that appendepoch and the existing nostamp are just the
same. So instead of patching redundancy into the source code i suggest
simply changing "appendepoch 0" to "nostamp" in snort.conf Actually it took
a while till i figured it out.
Patch appended for the lazy people


2009/8/6 JEFFREY S STEWART <jss1124 at esu.edu>

> All,
> Attached is a patch for snort which enables it to work with
> hflow2.  Download snort source, cd to the directory
> snort_root_directory/src/output-plugins.  From there run:
> patch -p0 < spo_unified.c.patch
> Then build and install snort as normal.  You will also need a new
> snort.conf; I've attached mine.  The only part of snort.conf that different
> from the default is the alerting/logging.  Your snort.conf may be different
> depending on your configuration.
> I've managed to get this to work for me, but it might not for you.  Let me
> know if you have any problems.
> Snort Download:
> http://www.snort.org/downloads
> Thanks,
> Jeff
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall


A change of heart, a change of plan must surely be the way. Get off the
ground - you're heaven-bound! And if you like it when you're there you'll be
allowed to stay.

"This is the way it has to be", the wisemen wisely said. So we believed, but
some did not. And though we never knew, the wisemen, wisely had them shot.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://public.honeynet.org/pipermail/honeywall/attachments/20090806/0ee03222/attachment.html

More information about the Honeywall mailing list