Compiling on Solaris w/o bpf.h ??

Carter Bullard carter at qosient.com
Mon Oct 30 10:25:27 EST 2006 

Hmmmm, what version of argus are you trying to build?  You should be  
trying to build
argus-3.0.0.rc.3x (we're currently on rc.33).   I believe that the  
SASL problems have
been dealt with in argus-3.0?  The ether_ntohost() issues, etc....

Carter



On Oct 26, 2006, at 6:52 PM, Tom Briglia wrote:

> Hey Carter,
>
> Thanks for the follow up! Sure I'll grab that off my dev system  
> later and forward it to you.
>
> BTW another point of frustration . . . I noticed that after  
> successfully compiling there was no SASL support and when I went  
> back to the config log I saw that it did not find SASL even though  
> I had pointed to it. I did some hacking of the configure script so  
> it would find sasl.h yet then the frustration really started . . .
>
> Took me a couple hrs of hacking to figure it out, yet the  
> conclusion is that Argus 2.0.X cannot use Version 2 of SASL. Long  
> story short I grabbed the most recent release of V1 of SASL,  
> compiled it, unhacked the changes I made to the configure script  
> and then got Argus compiled with SASL.
>
> So this too would be a welcomed addition to the INSTALL or README,  
> ie: SASL V1 is required not V2, would have saved me a couple hrs of  
> frustration.
>
> Finally one more favor . . . do you know of any detailed  
> 'cookbooks' on how to get going with Argus? I have a couple hundred  
> systems (Solaris, Linux, and Win) and want to run Argus on as many  
> as possible so I can map out what systems are talking to what  
> systems on our networks. I think I know what I need to do, yet I  
> hate reinventing the wheel so if anyone has written up a good  
> "Argus Cookbook" or an 'Idiots Guide to large scale Argus  
> Deployments' I would love to get my hands on those docs!
>
> Also one last comment I am using 2.0.5 for I was hoping to leverage  
> the SIFT tools (http://www.projects.ncassr.org/sift) and according  
> to their website the Argus output format changed between 2.0.5 and  
> 2.0.6 and the SIFT tools will not work with 2.0.6, and I am  
> suspecting Version 3 too. Any comments on this?
>
> Thanks!
>
> Regards,
>
> Tom
>
> carter at qosient.com wrote:
>
>> Hey Tom,
>> Thanks, I'll add the test to the configure script.   Could you do  
>> me a favor, and send the output of the ./config/config.guess  
>> script?  I'll need to see what the script see's as your os.
>>
>> Carter
>>
>>
>> Carter Bullard
>> QoSient LLC
>> 150 E. 57th Street Suite 12D
>> New York, New York 10022
>> +1 212 588-9133 Phone
>> +1 212 588-9134 Fax
>> -----Original Message-----
>> From: Tom Briglia <briglia at stanford.edu>
>> Date: Wed, 25 Oct 2006 19:20:17 To:argus-info at lists.andrew.cmu.edu
>> Subject: Re: [ARGUS] Compiling on Solaris w/o bpf.h ??
>>
>>
>> I figured out how I had to edit the gencode.c file changing bpf.h to
>> pcap-bpf.h. It would be nice if this was added to the INSTALL or  
>> README
>> files since it seems to be an old problem relating to pcap headers.
>>
>> Also for anyone interested in compiling on Solaris 10, it appears  
>> that
>> Solaris 10 now includes:
>>
>> ether_ntohost
>> ether_hostton
>>
>> in /usr/include/sys/ethernet.h.
>>
>> So in order to get Argus to compile I had to go hack up  
>> argusfilter.c and
>> comment out the varied declarations of ether_ntohost  
>> ether_hostton. Once I
>> did that everything finally compiled. :-)
>>
>>
>>
>> Quoting Tom Briglia <briglia at stanford.edu>:
>>
>>
>>> Hi Folks,
>>>
>>> I am a newbie to Argus and trying to compile on Solaris. I have seen
>>> multiple references that Argus will compile on Solaris which is  
>>> why I
>>> even
>>> tried in the first place.
>>>
>>> I successfully compiled and installed Bison, libpcap, libwrap,  
>>> and sasl
>>> on
>>> Solaris 10 and successfully ran the argus ./configure script.  
>>> When I try
>>> to
>>> compile Argus it starts crapping out due to no bpf.h:
>>>
>>> gcc -O2 -mcpu=v9 -m64 -O -I. -I../include -I../../ 
>>> tcp_wrappers_7.6-ipv6.4
>>> -I../../libpcap-0.9.5 -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\"
>>> -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT= 
>>> \"\"
>>> -DLBL_ALIGN=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 - 
>>> DHAVE_SYS_STAT_H=1
>>> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 - 
>>> DHAVE_STRINGS_H=1
>>> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
>>> -DHAVE_TCP_WRAPPER=1 -DHAVE_SYS_SOCKIO_H=1 -DHAVE_STRING_H=1
>>> -DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 - 
>>> DHAVE_SOLARIS=1
>>> -DSTDC_HEADERS=1  -DARGUS_SYSLOG=1 -c ./gencode.c
>>> ./gencode.c:62:21: net/bpf.h: No such file or directory
>>>
>>> I have searched my system and searched google and I get the  
>>> impression
>>> "bfp.h" is not native to Solaris.
>>>
>>> I figured maybe it would be included in libpcap yet it is not.
>>>
>>> So what is the real deal? How can Argus be compiled on Solaris w/ 
>>> o bpf.h?
>>>
>>> I have a whole network of Solaris systems I would like to run  
>>> Argus on
>>> yet
>>> am now hitting this showstpper . . .
>>>
>>> Any help will be greatly appreciated!
>>>
>>> Thanks!
>>>
>>> Tom
>>>
>>>
>>
>>
>>
>>
>
>

More information about the argus mailing list