Compiling on Solaris w/o bpf.h ??

carter at qosient.com
Tue Oct 31 07:07:44 EST 2006


Hey Tom,
Well, we've moved on to argus-3.0 which is completely different, and all the issues you are mentioning are fixed.

Is there something that the SIFT tools do in particular that we could do with argus tools?  Are they going to support argus-3.0?

Carter


Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax  

-----Original Message-----
From: Tom Briglia <briglia at stanford.edu>
Date: Mon, 30 Oct 2006 09:26:51
To: Carter Bullard <carter at qosient.com>
Cc: Argus <argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] Compiling on Solaris w/o bpf.h ??

Hey Carter,

I understand yet as I mentioned in my last paragraph below one of the 
reasons I started working with Argus was to utilize the SIFT tools 
(http://www.projects.ncassr.org/sift) and according to their website the 
Argus output format changed in 2.0.6 so that is why I started with 2.0.5.

Thx!

Tom

Carter Bullard wrote:

> Hmmmm, what version of argus are you trying to build?  You should be
> trying to build argus-3.0.0.rc.3x (we're currently on rc.33).  I believe
> that the SASL problems have been dealt with in argus-3.0?  The
> ether_ntohost() issues, etc....
>
> Carter
>
>
>
> On Oct 26, 2006, at 6:52 PM, Tom Briglia wrote:
>
>> Hey Carter,
>>
>> Thanks for the follow up! Sure I'll grab that off my dev system later
>> and forward it to you.
>>
>> BTW another point of frustration . . . I noticed that after
>> successfully compiling there was no SASL support and when I went back
>> to the config log I saw that it did not find SASL even though I had
>> pointed to it. I did some hacking of the configure script so it would
>> find sasl.h yet then the frustration really started . . .
>>
>> Took me a couple hrs of hacking to figure it out, yet the conclusion is
>> that Argus 2.0.X cannot use Version 2 of SASL. Long story short I
>> grabbed the most recent release of V1 of SASL, compiled it, unhacked
>> the changes I made to the configure script and then got Argus compiled
>> with SASL.
>>
>> So this too would be a welcomed addition to the INSTALL or README, ie:
>> SASL V1 is required not V2, would have saved me a couple hrs of
>> frustration.
>>
>> Finally one more favor . . . do you know of any detailed 'cookbooks' on
>> how to get going with Argus? I have a couple hundred systems (Solaris,
>> Linux, and Win) and want to run Argus on as many as possible so I can
>> map out what systems are talking to what systems on our networks. I
>> think I know what I need to do, yet I hate reinventing the wheel so if
>> anyone has written up a good "Argus Cookbook" or an 'Idiots Guide to
>> large scale Argus Deployments' I would love to get my hands on those
>> docs!
>>
>> Also one last comment I am using 2.0.5 for I was hoping to leverage the
>> SIFT tools (http://www.projects.ncassr.org/sift) and according to their
>> website the Argus output format changed between 2.0.5 and 2.0.6 and the
>> SIFT tools will not work with 2.0.6, and I am suspecting Version 3 too.
>> Any comments on this?
>>
>> Thanks!
>>
>> Regards,
>>
>> Tom
>>
>> carter at qosient.com wrote:
>>
>>> Hey Tom,
>>> Thanks, I'll add the test to the configure script.  Could you do me a
>>> favor, and send the output of the ./config/config.guess script?  I'll
>>> need to see what the script sees as your os.
>>>
>>> Carter
>>>
>>>
>>> Carter Bullard
>>> QoSient LLC
>>> 150 E. 57th Street Suite 12D
>>> New York, New York 10022
>>> +1 212 588-9133 Phone
>>> +1 212 588-9134 Fax
>>> -----Original Message-----
>>> From: Tom Briglia <briglia at stanford.edu>
>>> Date: Wed, 25 Oct 2006 19:20:17
>>> To: argus-info at lists.andrew.cmu.edu
>>> Subject: Re: [ARGUS] Compiling on Solaris w/o bpf.h ??
>>>
>>>
>>> I figured out how I had to edit the gencode.c file changing bpf.h to
>>> pcap-bpf.h. It would be nice if this was added to the INSTALL or README
>>> files since it seems to be an old problem relating to pcap headers.
>>>
>>> Also for anyone interested in compiling on Solaris 10, it appears that
>>> Solaris 10 now includes:
>>>
>>> ether_ntohost
>>> ether_hostton
>>>
>>> in /usr/include/sys/ethernet.h.
>>>
>>> So in order to get Argus to compile I had to go hack up argusfilter.c
>>> and comment out the varied declarations of ether_ntohost ether_hostton.
>>> Once I did that everything finally compiled. :-)
>>>
>>>
>>>
>>> Quoting Tom Briglia <briglia at stanford.edu>:
>>>
>>>
>>>> Hi Folks,
>>>>
>>>> I am a newbie to Argus and trying to compile on Solaris. I have seen
>>>> multiple references that Argus will compile on Solaris which is why I
>>>> even tried in the first place.
>>>>
>>>> I successfully compiled and installed Bison, libpcap, libwrap, and
>>>> sasl on Solaris 10 and successfully ran the argus ./configure script.
>>>> When I try to compile Argus it starts crapping out due to no bpf.h:
>>>>
>>>> gcc -O2 -mcpu=v9 -m64 -O -I. -I../include
>>>> -I../../tcp_wrappers_7.6-ipv6.4
>>>> -I../../libpcap-0.9.5 -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\"
>>>> -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\"
>>>> -DLBL_ALIGN=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
>>>> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
>>>> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
>>>> -DHAVE_TCP_WRAPPER=1 -DHAVE_SYS_SOCKIO_H=1 -DHAVE_STRING_H=1
>>>> -DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_SOLARIS=1
>>>> -DSTDC_HEADERS=1  -DARGUS_SYSLOG=1 -c ./gencode.c
>>>> ./gencode.c:62:21: net/bpf.h: No such file or directory
>>>>
>>>> I have searched my system and searched google and I get the impression
>>>> "bpf.h" is not native to Solaris.
>>>>
>>>> I figured maybe it would be included in libpcap yet it is not.
>>>>
>>>> So what is the real deal? How can Argus be compiled on Solaris w/o
>>>> bpf.h?
>>>>
>>>> I have a whole network of Solaris systems I would like to run Argus on
>>>> yet am now hitting this showstopper . . .
>>>>
>>>> Any help will be greatly appreciated!
>>>>
>>>> Thanks!
>>>>
>>>> Tom