Compiling on Solaris w/o bpf.h ??

Tom Briglia briglia at stanford.edu
Thu Oct 26 18:52:39 EDT 2006 

Hey Carter,

Thanks for the follow up! Sure I'll grab that off my dev system later 
and forward it to you.

BTW another point of frustration . . . I noticed that after successfully 
compiling there was no SASL support and when I went back to the config 
log I saw that it did not find SASL even though I had pointed to it. I 
did some hacking of the configure script so it would find sasl.h yet 
then the frustration really started . . .

Took me a couple hrs of hacking to figure it out, yet the conclusion is 
that Argus 2.0.X cannot use Version 2 of SASL. Long story short I 
grabbed the most recent release of V1 of SASL, compiled it, unhacked the 
changes I made to the configure script and then got Argus compiled with 
SASL.

So this too would be a welcomed addition to the INSTALL or README, ie: 
SASL V1 is required not V2, would have saved me a couple hrs of frustration.

Finally one more favor . . . do you know of any detailed 'cookbooks' on 
how to get going with Argus? I have a couple hundred systems (Solaris, 
Linux, and Win) and want to run Argus on as many as possible so I can 
map out what systems are talking to what systems on our networks. I 
think I know what I need to do, yet I hate reinventing the wheel so if 
anyone has written up a good "Argus Cookbook" or an 'Idiots Guide to 
large scale Argus Deployments' I would love to get my hands on those docs!

Also one last comment I am using 2.0.5 for I was hoping to leverage the 
SIFT tools (http://www.projects.ncassr.org/sift) and according to their 
website the Argus output format changed between 2.0.5 and 2.0.6 and the 
SIFT tools will not work with 2.0.6, and I am suspecting Version 3 too. 
Any comments on this?

Thanks!

Regards,

Tom

carter at qosient.com wrote:

>Hey Tom,
>Thanks, I'll add the test to the configure script.   Could you do me a favor, and send the output of the ./config/config.guess script?  I'll need to see what the script see's as your os.
>
>Carter
>
>
>Carter Bullard
>QoSient LLC
>150 E. 57th Street Suite 12D
>New York, New York 10022
>+1 212 588-9133 Phone
>+1 212 588-9134 Fax  
>
>-----Original Message-----
>From: Tom Briglia <briglia at stanford.edu>
>Date: Wed, 25 Oct 2006 19:20:17 
>To:argus-info at lists.andrew.cmu.edu
>Subject: Re: [ARGUS] Compiling on Solaris w/o bpf.h ??
>
>
>I figured out how I had to edit the gencode.c file changing bpf.h to
>pcap-bpf.h. It would be nice if this was added to the INSTALL or README
>files since it seems to be an old problem relating to pcap headers.
>
>Also for anyone interested in compiling on Solaris 10, it appears that
>Solaris 10 now includes:
>
>ether_ntohost
>ether_hostton
>
>in /usr/include/sys/ethernet.h.
>
>So in order to get Argus to compile I had to go hack up argusfilter.c and
>comment out the varied declarations of ether_ntohost ether_hostton. Once I
>did that everything finally compiled. :-)
>
>
>
>Quoting Tom Briglia <briglia at stanford.edu>:
>
>  
>
>>Hi Folks,
>>
>>I am a newbie to Argus and trying to compile on Solaris. I have seen
>>multiple references that Argus will compile on Solaris which is why I
>>even
>>tried in the first place.
>>
>>I successfully compiled and installed Bison, libpcap, libwrap, and sasl
>>on
>>Solaris 10 and successfully ran the argus ./configure script. When I try
>>to
>>compile Argus it starts crapping out due to no bpf.h:
>>
>>gcc -O2 -mcpu=v9 -m64 -O -I. -I../include -I../../tcp_wrappers_7.6-ipv6.4
>>-I../../libpcap-0.9.5 -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\"
>>-DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\"
>>-DLBL_ALIGN=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
>>-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
>>-DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
>>-DHAVE_TCP_WRAPPER=1 -DHAVE_SYS_SOCKIO_H=1 -DHAVE_STRING_H=1
>>-DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_SOLARIS=1
>>-DSTDC_HEADERS=1  -DARGUS_SYSLOG=1 -c ./gencode.c
>>./gencode.c:62:21: net/bpf.h: No such file or directory
>>
>>I have searched my system and searched google and I get the impression
>>"bfp.h" is not native to Solaris.
>>
>>I figured maybe it would be included in libpcap yet it is not.
>>
>>So what is the real deal? How can Argus be compiled on Solaris w/o bpf.h?
>>
>>I have a whole network of Solaris systems I would like to run Argus on
>>yet
>>am now hitting this showstpper . . .
>>
>>Any help will be greatly appreciated!
>>
>>Thanks!
>>
>>Tom
>>
>>    
>>
>
>
>
>  
>

More information about the argus mailing list