From Kelly.Le at Colorado.EDU Sun Jan 10 17:49:10 1999 From: Kelly.Le at Colorado.EDU (Kelly G Le) Date: Sun, 10 Jan 1999 18:49:10 -0700 (MST) Subject: configuration issues In-Reply-To: <199812222355.PAA05288@draco.acs.uci.edu> Message-ID: Our current installation of Bro on Solaris 2.6 only logs to the bro.log file. Other log files such as ftp.log are created but not written to even when events should have been logged. While troubleshooting this, we reviewed the attached config.log file and discovered a couple of errors that could be the cause of our problem: - Line 43, there are declaration conflicts for openlog, syslog and closelog - Line 65-70, contains several type conflicts - Line 87, contains a declaration conflict for gettimeofday - Line 101, there is an undefined symbol gethostbyname - Line 135, there is an undefined symbol socket - Line 169, the str library is not found -- where can we download this library? These errors all seem to be related to the conftest.c file. Has anyone else had these problems? How were you able to resolve them? Thanks. Kelly -------------- next part -------------- This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. configure:572: checking host system type configure:593: checking target system type configure:611: checking build system type configure:719: checking for gcc configure:796: checking whether the C compiler (gcc ) works configure:810: gcc -o conftest conftest.c 1>&5 configure:830: checking whether the C compiler (gcc ) is a cross-compiler configure:835: checking whether we are using GNU C configure:844: gcc -E conftest.c configure:859: checking whether gcc accepts -g configure:1017: checking for bison configure:1051: checking for c++ configure:1082: checking whether the C++ compiler (c++ ) works configure:1096: c++ -o conftest conftest.C 1>&5 configure:1122: checking whether the C++ compiler (c++ ) is a cross-compiler configure:1127: checking whether we are using GNU C++ configure:1136: c++ -E conftest.C configure:1151: checking whether c++ accepts -g configure:1181: checking for flex configure:1214: checking for yywrap in -lfl configure:1233: gcc -o conftest -g -O2 conftest.c -lfl 1>&5 configure:1266: checking for a BSD compatible install configure:1316: checking whether make sets ${MAKE} configure:1347: checking for gzip configure:1447: checking how to run the C preprocessor configure:1468: gcc -E conftest.c >/dev/null 2>conftest.out configure:1508: checking for ANSI C header files configure:1521: gcc -E conftest.c >/dev/null 2>conftest.out configure:1588: gcc -o conftest -g -O2 conftest.c 1>&5 configure:1613: checking return type of signal handlers configure:1635: gcc -c -g -O2 conftest.c 1>&5 configure:1677: checking for sigset configure:1705: gcc -o conftest -g -O2 conftest.c 1>&5 configure:1789: checking whether time.h and sys/time.h may both be included configure:1803: gcc -c -g -O2 conftest.c 1>&5 configure:1828: checking for memory.h configure:1838: gcc -E conftest.c >/dev/null 2>conftest.out configure:1873: checking if syslog returns int configure:1892: c++ -c -g -O2 conftest.C 1>&5 configure:1883: declaration of C function `int openlog(const char *, int, int)' conflicts with /usr/include/syslog.h:23: previous declaration `void openlog(const char *, int, int)' here configure:1884: declaration of C function `int syslog(int, const char * ...)' conflicts with /usr/include/syslog.h:24: previous declaration `void syslog(int, const char * ...)' here configure:1885: declaration of C function `int closelog(...)' conflicts with /usr/include/syslog.h:25: previous declaration `void closelog()' here configure: failed program was: #line 1878 "configure" #include "confdefs.h" # include # include extern "C" { int openlog(const char* ident, int logopt, int facility); int syslog(int priority, const char* message_fmt, ...); int closelog(); } int main() { ; return 0; } configure:1919: checking if we should declare socket and friends configure:1938: gcc -c -g -O2 conftest.c 1>&5 configure:1929: conflicting types for `connect' /usr/include/sys/socket.h:335: previous declaration of `connect' configure:1930: conflicting types for `send' /usr/include/sys/socket.h:355: previous declaration of `send' configure:1931: conflicting types for `recvfrom' /usr/include/sys/socket.h:353: previous declaration of `recvfrom' configure: failed program was: #line 1924 "configure" #include "confdefs.h" # include # include extern int socket(int, int, int); extern int connect(int, const struct sockaddr *, int); extern int send(int, const void *, int, int); extern int recvfrom(int, void *, int, int, struct sockaddr *, int *); int main() { ; return 0; } configure:1965: checking if we should declare gettimeofday configure:1980: c++ -c -g -O2 conftest.C 1>&5 configure:1973: declaration of C function `int gettimeofday(struct timeval *, struct timezone *)' conflicts with /usr/include/sys/time.h:389: previous declaration `int gettimeofday(struct timeval *, void *)' here configure: failed program was: #line 1970 "configure" #include "confdefs.h" # include extern "C" int gettimeofday(struct timeval* tp, struct timezone* tzp); int main() { ; return 0; } configure:2004: checking for gethostbyname configure:2035: c++ -o conftest -g -O2 conftest.C 1>&5 Undefined first referenced symbol in file gethostbyname /var/tmp/cc_trDD_1.o ld: fatal: Symbol referencing errors. No output written to conftest configure: failed program was: #line 2009 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char gethostbyname(); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ #ifdef __cplusplus extern "C" #endif /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char gethostbyname(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_gethostbyname) || defined (__stub___gethostbyname) choke me #else gethostbyname(); #endif ; return 0; } configure:2054: checking for gethostbyname in -lnsl configure:2076: c++ -o conftest -g -O2 conftest.C -lnsl 1>&5 configure:2253: checking for socket configure:2284: c++ -o conftest -g -O2 conftest.C -lnsl 1>&5 Undefined first referenced symbol in file socket /var/tmp/ccYuD6T_1.o ld: fatal: Symbol referencing errors. No output written to conftest configure: failed program was: #line 2258 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char socket(); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ #ifdef __cplusplus extern "C" #endif /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char socket(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_socket) || defined (__stub___socket) choke me #else socket(); #endif ; return 0; } configure:2302: checking for socket in -lsocket configure:2324: c++ -o conftest -g -O2 conftest.C -lsocket -lnsl 1>&5 configure:2398: checking for putmsg in -lstr configure:2420: c++ -o conftest -g -O2 conftest.C -lstr -lsocket -lnsl 1>&5 ld: fatal: library -lstr: not found ld: fatal: File processing errors. No output written to conftest configure: failed program was: #line 2406 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ #ifdef __cplusplus extern "C" #endif /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char putmsg(); int main() { putmsg() ; return 0; } configure:2516: checking for local pcap library configure:2651: checking for 8-bit clean memcmp configure:2672: c++ -o conftest -g -O2 conftest.C ../libpcap-0.4/libpcap.a -lsocket -lnsl 1>&5 configure:2690: checking for strftime configure:2721: c++ -o conftest -g -O2 conftest.C ../libpcap-0.4/libpcap.a -lsocket -lnsl 1>&5 configure:2794: checking for strerror configure:2825: c++ -o conftest -g -O2 conftest.C ../libpcap-0.4/libpcap.a -lsocket -lnsl 1>&5 From leres at ee.lbl.gov Sun Jan 10 18:23:57 1999 From: leres at ee.lbl.gov (Craig Leres) Date: Sun, 10 Jan 1999 18:23:57 PST Subject: configuration issues In-Reply-To: Your message of Sun, 10 Jan 1999 18:49:10 PST. Message-ID: <199901110223.SAA06692@hot.ee.lbl.gov> > Our current installation of Bro on Solaris 2.6 only logs to the bro.log > file. Other log files such as ftp.log are created but not written to > even when events should have been logged. While troubleshooting this, we > reviewed the attached config.log file and discovered a couple of errors > that could be the cause of our problem: > > - Line 43, there are declaration conflicts for openlog, syslog and > closelog > - Line 65-70, contains several type conflicts > - Line 87, contains a declaration conflict for gettimeofday > - Line 101, there is an undefined symbol gethostbyname > - Line 135, there is an undefined symbol socket > - Line 169, the str library is not found -- where can we download this > library? (config.log is the autoconf log; the "errors" in it are a normal part the process that allows the configure script to determine which features are available on your particular OS type and version.) Craig From Kelly.Le at Colorado.EDU Mon Jan 11 09:57:11 1999 From: Kelly.Le at Colorado.EDU (Kelly G Le) Date: Mon, 11 Jan 1999 10:57:11 -0700 (MST) Subject: configuration issues In-Reply-To: <199901110223.SAA06692@hot.ee.lbl.gov> Message-ID: Thanks Craig. What about the problem that bro only logs to bro.log and no other log file? Has anyone else encountered that? We have only modified hot.bro to reflect our network information. None of the other policy scripts have been changed. Thanks. Kelly On Sun, 10 Jan 1999, Craig Leres wrote: > (config.log is the autoconf log; the "errors" in it are a normal part > the process that allows the configure script to determine which > features are available on your particular OS type and version.) > > Craig > From Kelly.Le at Colorado.EDU Mon Jan 11 10:58:42 1999 From: Kelly.Le at Colorado.EDU (Kelly G Le) Date: Mon, 11 Jan 1999 11:58:42 -0700 (MST) Subject: configuration issues In-Reply-To: Message-ID: On a suggestion from a subscriber on the list, I generated a ton of ftp traffic and bro did write to the ftp.log. Apparently, the output is heavily buffered. Kelly From pokallus at idaccr.org Mon Jan 11 11:22:48 1999 From: pokallus at idaccr.org (Jeffrey S. Pokallus) Date: Mon, 11 Jan 1999 14:22:48 -0500 Subject: configuration issues References: Message-ID: <369A4F88.3C2D@ccr-p.ida.org> Kelly G Le wrote: > Apparently, the output is > heavily buffered. > > Kelly I unbuffered output (Bro 0.3) by changing line 147 in Stmt.cc from: d.SetFlush(0); to: d.SetFlush(1); jeff From vern at ee.lbl.gov Tue Jan 12 01:14:24 1999 From: vern at ee.lbl.gov (Vern Paxson) Date: Tue, 12 Jan 1999 01:14:24 PST Subject: configuration issues In-Reply-To: Your message of Mon, 11 Jan 1999 11:58:42 MST. Message-ID: <199901120914.BAA04718@daffy.ee.lbl.gov> > Apparently, the output is heavily buffered. It's the usual stdio buffering. Bro catches SIGINT, so when you kill it, it should flush those files. Is that not working, or were you looking at the files while Bro was running? Bro needs a mechanism for telling it "flush your current state". A hack for this would be some sort of signal; but I think the right way to do it is to add a general mechanism for communicating with Bro (one that lets you inject [authenticated, of course] events). This is needed anyway because Bro needs to evolve towards multiple event agents (some watching network links, some perhaps running on hosts and just watching the hosts) and that will require an event communication mechanism. Vern