Problems compiling Sagan
Cian
When I try to compile sagan (on Fedora 16, running on i686), I get the
below errors :
usr/bin/ld: sagan.o: undefined reference to symbol 'ee_initCtx
/usr/bin/ld: note: 'ee_initCtx' is defined in DSO /usr/lib/libee.so.0
so try adding it to the linker command line
/usr/lib/libee.so.0: could not read symbols: Invalid operation
I'm using libestr 0.1.2, libee 0.4.0, and liblognorm 0.3.3.
setting the value of $LIBS, or $LDFLAGS seems to stop it from
compiling at all.
Any idea what I'm doing wrong?
Thanks
Cian
Champ Clark III
Hash: SHA1
Sorry for the delay! I almost missed this message.
First off, what version of Sagan is this? Is the Sagan 0.2.0 or is
it from the git tree?
It looks like to me that this is a liblognorm issue. How did you
install that? You might want to check:
https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm
Let me know how it works out.
- --
- - Champ Clark III (ccl...@quadrantsec.com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPV5cVAAoJENnmXt7Lmc3KznwIAJimbJ+lUDoRgKZnp7PuorLK
bJBDa6zBPWkpq25xDQ8IRl+c2s2PRB6A/M9SjJ26UQHdEVwLQd2LwBvfBJ/mQWuo
/9+Add6AI0VybY+vIxSw8wGztws+dooj3/Mf0jCvPmQmgrHB2UOxCokXgOQSSwjX
O5u7PuqymoLFcc1sNP7BBQZbVy4VnKcqR76y7S/756FS3aaIp7Um+1tdDfu47LuN
jZSBp3jCJk2SN6EM/6laVd93HQ6NrOniK7LRo+4rvihdE1Kh6RoXJvLOkpSVhqu2
wntZ9cxNuz05HopmjoNGZAPcz2RZ+UKIMxc7SKSXij7Qu4w+Dj/7C4uJB4Ost2k=
=KQqy
-----END PGP SIGNATURE-----
Cian
wget http://www.liblognorm.com/files/download/liblognorm-0.3.3.tar.gz
tar -xvvf liblognorm-0.3.
tar -xvvf liblognorm-0.3.3.tar.gz
cd liblognorm-0.3.3/
./configure --libdir=/usr/lib --includedir=/usr/include
make install clean
libee, and libestr were installed the same way.
I'm using sagan 0.2.0
Thanks
Cian
Champ Clark III
Hash: SHA1
This is definitely a linking/liblognorm issue. Try this with liblognorm:
./configure --prefix=/usr
then do you "make && make install". See if that makes any difference.
Other wise, I'll have to cross post this to the liblognorm mailing
list as I've not run into this issue myself. Let me know how it works.
> <mailto:ccl...@quadrantsec.com>) Quadrant Information Security
> (http://quadrantsec.com) Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA
> 2DCF 5E70 B2F8 0381 878A GPG Key ID: 0381878A -----BEGIN PGP
> SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment:
> GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla -
> http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJPV5cVAAoJENnmXt7Lmc3KznwIAJimbJ+lUDoRgKZnp7PuorLK
> bJBDa6zBPWkpq25xDQ8IRl+c2s2PRB6A/M9SjJ26UQHdEVwLQd2LwBvfBJ/mQWuo
> /9+Add6AI0VybY+vIxSw8wGztws+dooj3/Mf0jCvPmQmgrHB2UOxCokXgOQSSwjX
> O5u7PuqymoLFcc1sNP7BBQZbVy4VnKcqR76y7S/756FS3aaIp7Um+1tdDfu47LuN
> jZSBp3jCJk2SN6EM/6laVd93HQ6NrOniK7LRo+4rvihdE1Kh6RoXJvLOkpSVhqu2
> wntZ9cxNuz05HopmjoNGZAPcz2RZ+UKIMxc7SKSXij7Qu4w+Dj/7C4uJB4Ost2k=
> =KQqy -----END PGP SIGNATURE-----
>
>
> On Wednesday, 7 March 2012 17:12:53 UTC, Da Beave wrote:
>
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>
> Sorry for the delay! I almost missed this message.
>
> First off, what version of Sagan is this? Is the Sagan 0.2.0 or
> is it from the git tree?
>
> It looks like to me that this is a liblognorm issue. How did you
> install that? You might want to check:
>
> https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm
> <https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm>
>
> Let me know how it works out.
>
>
> On 3/2/12 6:01 AM, Cian wrote:
>> Hi,
>>
>> When I try to compile sagan (on Fedora 16, running on i686), I
>> get the below errors : usr/bin/ld: sagan.o: undefined reference
>> to symbol 'ee_initCtx /usr/bin/ld: note: 'ee_initCtx' is defined
>> in DSO /usr/lib/libee.so.0 so try adding it to the linker
>> command line /usr/lib/libee.so.0: could not read symbols:
>> Invalid operation
>>
>> I'm using libestr 0.1.2, libee 0.4.0, and liblognorm 0.3.3.
>> setting the value of $LIBS, or $LDFLAGS seems to stop it from
>> compiling at all. Any idea what I'm doing wrong?
>>
>> Thanks Cian
>
>
> - -- - - Champ Clark III (ccl...@quadrantsec.com
> <mailto:ccl...@quadrantsec.com>) Quadrant Information Security
> (http://quadrantsec.com) Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA
> 2DCF 5E70 B2F8 0381 878A GPG Key ID: 0381878A -----BEGIN PGP
> SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment:
> GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla -
> http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJPV5cVAAoJENnmXt7Lmc3KznwIAJimbJ+lUDoRgKZnp7PuorLK
> bJBDa6zBPWkpq25xDQ8IRl+c2s2PRB6A/M9SjJ26UQHdEVwLQd2LwBvfBJ/mQWuo
> /9+Add6AI0VybY+vIxSw8wGztws+dooj3/Mf0jCvPmQmgrHB2UOxCokXgOQSSwjX
> O5u7PuqymoLFcc1sNP7BBQZbVy4VnKcqR76y7S/756FS3aaIp7Um+1tdDfu47LuN
> jZSBp3jCJk2SN6EM/6laVd93HQ6NrOniK7LRo+4rvihdE1Kh6RoXJvLOkpSVhqu2
> wntZ9cxNuz05HopmjoNGZAPcz2RZ+UKIMxc7SKSXij7Qu4w+Dj/7C4uJB4Ost2k=
> =KQqy -----END PGP SIGNATURE-----
>
>
> On Wednesday, 7 March 2012 17:12:53 UTC, Da Beave wrote:
>
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>
> Sorry for the delay! I almost missed this message.
>
> First off, what version of Sagan is this? Is the Sagan 0.2.0 or
> is it from the git tree?
>
> It looks like to me that this is a liblognorm issue. How did you
> install that? You might want to check:
>
> https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm
> <https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm>
>
> Let me know how it works out.
>
>
> On 3/2/12 6:01 AM, Cian wrote:
>> Hi,
>>
>> When I try to compile sagan (on Fedora 16, running on i686), I
>> get the below errors : usr/bin/ld: sagan.o: undefined reference
>> to symbol 'ee_initCtx /usr/bin/ld: note: 'ee_initCtx' is defined
>> in DSO /usr/lib/libee.so.0 so try adding it to the linker
>> command line /usr/lib/libee.so.0: could not read symbols:
>> Invalid operation
>>
>> I'm using libestr 0.1.2, libee 0.4.0, and liblognorm 0.3.3.
>> setting the value of $LIBS, or $LDFLAGS seems to stop it from
>> compiling at all. Any idea what I'm doing wrong?
>>
>> Thanks Cian
>
>
> - -- - - Champ Clark III (ccl...@quadrantsec.com
> <mailto:ccl...@quadrantsec.com>) Quadrant Information Security
> (http://quadrantsec.com) Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA
> 2DCF 5E70 B2F8 0381 878A GPG Key ID: 0381878A -----BEGIN PGP
> SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment:
> GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla -
> http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJPV5cVAAoJENnmXt7Lmc3KznwIAJimbJ+lUDoRgKZnp7PuorLK
> bJBDa6zBPWkpq25xDQ8IRl+c2s2PRB6A/M9SjJ26UQHdEVwLQd2LwBvfBJ/mQWuo
> /9+Add6AI0VybY+vIxSw8wGztws+dooj3/Mf0jCvPmQmgrHB2UOxCokXgOQSSwjX
> O5u7PuqymoLFcc1sNP7BBQZbVy4VnKcqR76y7S/756FS3aaIp7Um+1tdDfu47LuN
> jZSBp3jCJk2SN6EM/6laVd93HQ6NrOniK7LRo+4rvihdE1Kh6RoXJvLOkpSVhqu2
> wntZ9cxNuz05HopmjoNGZAPcz2RZ+UKIMxc7SKSXij7Qu4w+Dj/7C4uJB4Ost2k=
> =KQqy -----END PGP SIGNATURE-----
>
- --
- - Champ Clark III (ccl...@quadrantsec.com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPWOpUAAoJENnmXt7Lmc3K/kwH/0oMpIHa2lEGNr0gMoArw+6M
I3XRFM27Z4r/bMxz8MlKVIxWdjmjtvCMGOwkPWFJJElrpw+O016J9SQZu7fGyL42
ChOlR+WIAD7p7DKSxxrgWGLN/ZVFeY/gJFYpTX6XuAtAGKphcOvMwhQmxV06q3wb
r6gBQ/Zp1bkPnKYUEj9ns338cOE4nYi9J7rvAj+6DAeTr9bvW1Of1pzvqIZSotqu
0mkE+9k1IXLJVS/1k1ziUnPA1AQL+kt/WO8NDDbJTKmiekCIqX7DFJhEJMvrUJqc
M6b35kJqAh1OrcI3tajrgIMakr9UzrYSSDRy58clXR51dGRQi5vZAdyeUqcIrw4=
=Oo1y
-----END PGP SIGNATURE-----
Mike Wisniewski
I'm having the same exact issue when building on Ubuntu Oneiric. I
installed libee, liblognorm, and libestr using apt, and got the
...
gcc -g -O2 -o sagan sagan.o sagan-classifications.o sagan-config.o
sagan-lockfile.o sagan-references.o sagan-rules.o sagan-signal.o sagan-
key.o sagan-stats.o sagan-strlcat.o sagan-strlcpy.o sagan-usage.o
sagan-util.o sagan-plog.o parse-ip.o parse-port.o sagan-alert.o sagan-
snort.o sagan-esmtp.o sagan-external.o sagan-prelude.o sagan-
unified2.o -ldnet -lpcap -llognorm -lprelude -lesmtp -lpq -
lmysqlclient_r -lm -lpthread -lpcre
/usr/bin/ld.bfd.real: sagan.o: undefined reference to symbol
'ee_getEventField'
/usr/bin/ld.bfd.real: note: 'ee_getEventField' is defined in DSO /usr/
/usr/lib/libee.so.0: could not read symbols: Invalid operation
make[2]: *** [sagan] Error 1
make[2]: Leaving directory `/home/wisniewski/sagan-0.2.0/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/wisniewski/sagan-0.2.0'
make: *** [all] Error 2
...
error. It's not the same as the original user, but it still errors on
libee. I removed the three packages (libee, liblognorm, and libestr)
and installed from source. Libestr built and installed fine, and
liblognorm wouldn't build against libee-0.4.0, so I had to use
libee-0.3.2. After that, liblognorm compiled and installed fine.
When compiling sagan against liblognorm-0.3.3, libee-0.3.2, and
libestr-0.1.2, it fails with the above message.
Thanks for any assistance in resolving this!
Mike
>
> > iQEcBAEBAgAGBQJPV5cVAAoJENnmXt7Lmc3KznwIAJimbJ+lUDoRgKZnp7PuorLK
> > bJBDa6zBPWkpq25xDQ8IRl+c2s2PRB6A/M9SjJ26UQHdEVwLQd2LwBvfBJ/mQWuo
> > /9+Add6AI0VybY+vIxSw8wGztws+dooj3/Mf0jCvPmQmgrHB2UOxCokXgOQSSwjX
> > O5u7PuqymoLFcc1sNP7BBQZbVy4VnKcqR76y7S/756FS3aaIp7Um+1tdDfu47LuN
> > jZSBp3jCJk2SN6EM/6laVd93HQ6NrOniK7LRo+4rvihdE1Kh6RoXJvLOkpSVhqu2
> > wntZ9cxNuz05HopmjoNGZAPcz2RZ+UKIMxc7SKSXij7Qu4w+Dj/7C4uJB4Ost2k=
> > =KQqy -----END PGP SIGNATURE-----
>
> - --
> - - Champ Clark III (ccl...@quadrantsec.com)
> Quadrant Information Security (http://quadrantsec.com)
> Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
> GPG Key ID: 0381878A
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/
Champ Clark III
Hash: SHA1
Hello Mike, thanks for the information. I have an Ubuntu
Oneiric/11.10 box I can test against. I'll see if I can't replicate
the problem and let you know what I find. I should be able to test
it later on this evening.
> wrote: This is definitely a linking/liblognorm issue. Try this
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPXjZ4AAoJENnmXt7Lmc3KHDoH/jMuVMGClY2Q2wRHLHXVo9Aq
VwK/ZcYx+lTl3fkfiz6N8JTyfI8hbnHpZKto0BjIF8LaWHP43JOvHSXZKd3CavrQ
inK/Ih6aWB9LsVUyZbOiVCzUjru9jXzX6BKbM9OYc/8qOMeoPKi10cvw+h+PuK8F
WT6fwV9xmvbf3VmtHjpZxUCa4mGjDgFn/kFR11KZ/bWxOPjunakCPBoufujiJOPk
W3dCTfvDmzZY5B3UYZOKGP+oy8rLiRM2luKbnqXCnvChkyda1FlaF6DlMBk7YyxY
Bg7N6tyoxkf9CIEVARXihnWh2ZEk6/0Ovk6VZXZFkRJxAERaJ6mPk5Z2Qm7Ryok=
=6eq5
-----END PGP SIGNATURE-----
Cian
Cian.
Da Beave
linking problem that pretty easy to resolve. I'll let you know when
its up.
Da Beave
I've pushed the fix up to the git tree (for more information on the
Sagan git/development tree see:
https://wiki.quadrantsec.com/bin/view/Main/SaganGIT
For those without git, I've made a snapshot available at:
http://sagan.quadrantsec.com/download/devel-snapshots/sagan-03202012.tar.gz
Please let me know how it works for you and if you have any problems.
Thank you!
Cian
Thanks
Cian
Gary
-Gary
Champ Clark III
Hash: SHA1
Hey Gary,
On thing to note about liblognorm. You need to compile everything in
a particular order. For example:
1. libestr
2. libee
3. liblognorm
One library builds on another. It sorta looks like to me that might
be the issue. Also, Rainer (the author or ryslog/libognorm) gets
really busy sometimes and he might have forgotten about that issue.
You might want to re-post to the list if my advice doesn't help. It's
not that he doesn't care, he just always has 50 things going on at
once :)
Hope this helps!
- --
- - Champ Clark III (ccl...@quadrantsec.com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPal1LAAoJENnmXt7Lmc3KwKkH/RXZCxp41XfrviJI9QtJI6h3
hthLu1RXBxIjmZiJN//5GHPBFoqg4Mf8TG1WsNLFNO30zaQAb/ezvBEoZNqO9Tl4
7pJRiue2rEn9eiaLgdtOZ44gHZkBFbrtb5rdFti0wV6tMSnibcmtTdb84xAIt3EB
74OMZndJLFN9ZAOwFES88jk58H2IuFvoaYNOpVHv4x6grr3ZkpxDycdF2K64KQGj
XnHvi2WdgAVGiStp9VQRzId3dq0hq5mKw15cqjY3xRIMNS8MRp+VgwmlwawrYWEU
CU1Vb4k6Jdd30LdviT8fH+z7MH7QwdSDaSnCG3k7JIpudvtBEDiOfdPBc0/VH4o=
=cUeU
-----END PGP SIGNATURE-----
Gary
On thing to note about liblognorm. You need to compile everything in
a particular order. For example:
1. libestr
2. libee
3. liblognorm
Yeah, I'm definitely doing that as I went through this on Debian previously. I eventually just copied the libs & binary over to CentOS and they work fine since they're both running x64 architectures. I may have had to make some sym links to different library versions but it's parsing the fifo and sending alerts so appers to be stable enough. But I thought if anyone else is having problems compiling on CentOS that they might have come across this as well...
$ ls -al /usr/local/lib
total 124
drwxr-xr-x 3 root root 4096 Mar 19 11:16 .
drwxr-xr-x 12 root root 4096 Mar 19 10:31 ..
-rw-r--r-- 1 root root 42106 Mar 19 11:16 libestr.a
-rwxr-xr-x 1 root root 920 Mar 19 11:16 libestr.la
lrwxrwxrwx 1 root root 16 Mar 19 11:16 libestr.so -> libestr.so.0.0.0
lrwxrwxrwx 1 root root 16 Mar 19 11:16 libestr.so.0 -> libestr.so.0.0.0
-rwxr-xr-x 1 root root 31227 Mar 19 11:16 libestr.so.0.0.0
drwxr-xr-x 2 root root 4096 Mar 19 11:16 pkgconfig
Champ Clark III
Hash: SHA1
> Yeah, I'm definitely doing that as I went through this on Debian
> previously. I eventually just copied the libs & binary over to
> CentOS and they work fine since they're both running x64
> architectures. I may have had to make some sym links to different
> library versions but it's parsing the fifo and sending alerts so
> appers to be stable enough. But I thought if anyone else is having
> problems compiling on CentOS that they might have come across this
> as well...
>
> $ ls -al /usr/local/lib total 124 drwxr-xr-x 3 root root 4096 Mar
> 19 11:16 . drwxr-xr-x 12 root root 4096 Mar 19 10:31 .. -rw-r--r--
> 1 root root 42106 Mar 19 11:16 libestr.a -rwxr-xr-x 1 root root
> 920 Mar 19 11:16 libestr.la <http://libestr.la> lrwxrwxrwx 1 root
> root 16 Mar 19 11:16 libestr.so -> libestr.so.0.0.0 lrwxrwxrwx
> 1 root root 16 Mar 19 11:16 libestr.so.0 -> libestr.so.0.0.0
> -rwxr-xr-x 1 root root 31227 Mar 19 11:16 libestr.so.0.0.0
> drwxr-xr-x 2 root root 4096 Mar 19 11:16 pkgconfig
Ahh.. that "http://libestr.la" link looks very wrong :) Maybe just
the way it posted to the list.
What version of CentOS? I think I have an ISO of CentOS at the office
I could test on. I typically like these things to be resolved/fixed.
I'll boot a test CentOS box. Thanks.
- --
- - Champ Clark III (ccl...@quadrantsec.com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPa3EhAAoJENnmXt7Lmc3KYy4H/iEuV575EcLxuPPWQBgsBwZT
BQRUa/ljGI5OHfl5Lpq+BCJZE7sOJMluaFkqs89ZapHKscB8s/BoVaicNjr7de1p
9kDZ0tFZh8+1kC4MDyLHg03CjaautnggfQHEvYkFNs2ryNDg8C+LF4Z17hi1fofd
PFa+ENO8ihshBNKQZkRcXWsdDwoX69RQ5gY+JCUXeHegiAbYvaOLQOF371pTruFG
n0rX+xiaCcMFn0PXzRTl52VNlpz6NTUad2d+kjS8V3E/6GcVixDdQg3V0q0lqxUs
qBGQCroXDm7pDpsDVj0OvQgwI4VAYig5E0XQAdkOqoWs3e7mj7AMdCwrlOGWn6E=
=+iYw
-----END PGP SIGNATURE-----
Gary
What version of CentOS? I think I have an ISO of CentOS at the office
I could test on. I typically like these things to be resolved/fixed.
5.8. I havent tried under 6 but I don't know that it'd make a difference.