Compiling on Solaris w/o bpf.h ??

Tom Briglia briglia at stanford.edu
Mon Oct 30 12:26:51 EST 2006 

Hey Carter,

I understand yet as I mentioned in my last paragraph below one of the 
reasons I started working with Argus was to utilize the SIFT tools 
(http://www.projects.ncassr.org/sift) and according to their website the 
Argus output format changed in 2.0.6 so that is why I started with 2.0.5.

Thx!

Tom

Carter Bullard wrote:

> Hmmmm, what version of argus are you trying to build?  You should be  
> trying to build
> argus-3.0.0.rc.3x (we're currently on rc.33).   I believe that the  
> SASL problems have
> been dealt with in argus-3.0?  The ether_ntohost() issues, etc....
>
> Carter
>
>
>
> On Oct 26, 2006, at 6:52 PM, Tom Briglia wrote:
>
>> Hey Carter,
>>
>> Thanks for the follow up! Sure I'll grab that off my dev system  
>> later and forward it to you.
>>
>> BTW another point of frustration . . . I noticed that after  
>> successfully compiling there was no SASL support and when I went  
>> back to the config log I saw that it did not find SASL even though  I 
>> had pointed to it. I did some hacking of the configure script so  it 
>> would find sasl.h yet then the frustration really started . . .
>>
>> Took me a couple hrs of hacking to figure it out, yet the  conclusion 
>> is that Argus 2.0.X cannot use Version 2 of SASL. Long  story short I 
>> grabbed the most recent release of V1 of SASL,  compiled it, unhacked 
>> the changes I made to the configure script  and then got Argus 
>> compiled with SASL.
>>
>> So this too would be a welcomed addition to the INSTALL or README,  
>> ie: SASL V1 is required not V2, would have saved me a couple hrs of  
>> frustration.
>>
>> Finally one more favor . . . do you know of any detailed  'cookbooks' 
>> on how to get going with Argus? I have a couple hundred  systems 
>> (Solaris, Linux, and Win) and want to run Argus on as many  as 
>> possible so I can map out what systems are talking to what  systems 
>> on our networks. I think I know what I need to do, yet I  hate 
>> reinventing the wheel so if anyone has written up a good  "Argus 
>> Cookbook" or an 'Idiots Guide to large scale Argus  Deployments' I 
>> would love to get my hands on those docs!
>>
>> Also one last comment I am using 2.0.5 for I was hoping to leverage  
>> the SIFT tools (http://www.projects.ncassr.org/sift) and according  
>> to their website the Argus output format changed between 2.0.5 and  
>> 2.0.6 and the SIFT tools will not work with 2.0.6, and I am  
>> suspecting Version 3 too. Any comments on this?
>>
>> Thanks!
>>
>> Regards,
>>
>> Tom
>>
>> carter at qosient.com wrote:
>>
>>> Hey Tom,
>>> Thanks, I'll add the test to the configure script.   Could you do  
>>> me a favor, and send the output of the ./config/config.guess  
>>> script?  I'll need to see what the script see's as your os.
>>>
>>> Carter
>>>
>>>
>>> Carter Bullard
>>> QoSient LLC
>>> 150 E. 57th Street Suite 12D
>>> New York, New York 10022
>>> +1 212 588-9133 Phone
>>> +1 212 588-9134 Fax
>>> -----Original Message-----
>>> From: Tom Briglia <briglia at stanford.edu>
>>> Date: Wed, 25 Oct 2006 19:20:17 To:argus-info at lists.andrew.cmu.edu
>>> Subject: Re: [ARGUS] Compiling on Solaris w/o bpf.h ??
>>>
>>>
>>> I figured out how I had to edit the gencode.c file changing bpf.h to
>>> pcap-bpf.h. It would be nice if this was added to the INSTALL or  
>>> README
>>> files since it seems to be an old problem relating to pcap headers.
>>>
>>> Also for anyone interested in compiling on Solaris 10, it appears  that
>>> Solaris 10 now includes:
>>>
>>> ether_ntohost
>>> ether_hostton
>>>
>>> in /usr/include/sys/ethernet.h.
>>>
>>> So in order to get Argus to compile I had to go hack up  
>>> argusfilter.c and
>>> comment out the varied declarations of ether_ntohost  ether_hostton. 
>>> Once I
>>> did that everything finally compiled. :-)
>>>
>>>
>>>
>>> Quoting Tom Briglia <briglia at stanford.edu>:
>>>
>>>
>>>> Hi Folks,
>>>>
>>>> I am a newbie to Argus and trying to compile on Solaris. I have seen
>>>> multiple references that Argus will compile on Solaris which is  why I
>>>> even
>>>> tried in the first place.
>>>>
>>>> I successfully compiled and installed Bison, libpcap, libwrap,  and 
>>>> sasl
>>>> on
>>>> Solaris 10 and successfully ran the argus ./configure script.  When 
>>>> I try
>>>> to
>>>> compile Argus it starts crapping out due to no bpf.h:
>>>>
>>>> gcc -O2 -mcpu=v9 -m64 -O -I. -I../include -I../../ 
>>>> tcp_wrappers_7.6-ipv6.4
>>>> -I../../libpcap-0.9.5 -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\"
>>>> -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT= \"\"
>>>> -DLBL_ALIGN=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 - 
>>>> DHAVE_SYS_STAT_H=1
>>>> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 - 
>>>> DHAVE_STRINGS_H=1
>>>> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
>>>> -DHAVE_TCP_WRAPPER=1 -DHAVE_SYS_SOCKIO_H=1 -DHAVE_STRING_H=1
>>>> -DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 - 
>>>> DHAVE_SOLARIS=1
>>>> -DSTDC_HEADERS=1  -DARGUS_SYSLOG=1 -c ./gencode.c
>>>> ./gencode.c:62:21: net/bpf.h: No such file or directory
>>>>
>>>> I have searched my system and searched google and I get the  
>>>> impression
>>>> "bfp.h" is not native to Solaris.
>>>>
>>>> I figured maybe it would be included in libpcap yet it is not.
>>>>
>>>> So what is the real deal? How can Argus be compiled on Solaris w/ o 
>>>> bpf.h?
>>>>
>>>> I have a whole network of Solaris systems I would like to run  
>>>> Argus on
>>>> yet
>>>> am now hitting this showstpper . . .
>>>>
>>>> Any help will be greatly appreciated!
>>>>
>>>> Thanks!
>>>>
>>>> Tom
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>
>

More information about the argus mailing list