tag:blogger.com,1999:blog-4088979.post4538087485804731001..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Splunk on FreeBSD 7.0Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-4088979.post-62992906386485937732009-01-24T06:22:00.000-05:002009-01-24T06:22:00.000-05:00Thanks for this article Richard.This worked perfec...Thanks for this article Richard.<BR/><BR/>This worked perfectly for me and allowed me to transition our Splunk server from Debian to FreeBSD without too many troubles. Thankfully I did the research before setting up the FreeBSD box, so I was glad to know the solution to this problem as soon as it arose!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-18762034532488012422008-12-12T20:09:00.000-05:002008-12-12T20:09:00.000-05:00If you get the "__malloc_lock" error you will need...If you get the "__malloc_lock" error you will need to install the glib1.x package (pkg_add -r glib)and relink/overwrite the existing "libc.so.6" file from the one in the compat6x that Richard installed. <BR/><BR/>cp /lib/libc.so.6 /lib/libc.so.6.ORIG<BR/>cp /usr/local/lib/compat/libc.so.6 /lib/ <BR/><BR/>This can also happen if you have glib2.x installed and not glib1.x. <BR/><BR/>now splunk should start <BR/>/opt/splunk/bin/splunk startAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-59607366381244263252008-12-10T20:59:00.000-05:002008-12-10T20:59:00.000-05:00I am not encountering that problem.I am not encountering that problem.Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-57863495820363151402008-12-10T20:37:00.000-05:002008-12-10T20:37:00.000-05:00Splunk on FreeBSD 7.0-releaseThis is a decent walk...Splunk on FreeBSD 7.0-release<BR/><BR/>This is a decent walk through. Unfortunately I'm running into the following error when trying to start splunk after your example.<BR/><BR/>Undefined symbol "__malloc_lock"<BR/><BR/>Have you run into this?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-27123644872856995642008-12-03T13:06:00.000-05:002008-12-03T13:06:00.000-05:00Jared, I haven't looked at inline Snort for FreeBS...Jared, I haven't looked at inline Snort for FreeBSD any time recently.Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-58607973583773015982008-12-03T11:39:00.000-05:002008-12-03T11:39:00.000-05:00Sorry for contacting you via the comments on this ...Sorry for contacting you via the comments on this blog. I couldn't find an email address where I could contact you directly.<BR/><BR/>I'm following up on FreeBSD running as transparent bridge with snort in-line. It wasn't possible earlier this year but I'm wondering if development has progressed far enough where it is now possible to do this?<BR/><BR/>Thanks for your reply.<BR/>You can also contact me at jnevans@gmail.comJaredhttps://www.blogger.com/profile/00540058054460624261noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-87360779927640510472008-12-02T16:36:00.000-05:002008-12-02T16:36:00.000-05:00Thanks, Richard! I will be checking every day to s...Thanks, Richard! I will be checking every day to see if you have published the list!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-73703503076191801022008-11-30T21:25:00.000-05:002008-11-30T21:25:00.000-05:00Hi Anonymous,Yes, I will publish my Best Books Bej...Hi Anonymous,<BR/><BR/>Yes, I will publish my Best Books Bejtlich Read in 2008 at the end of December. Thank you for your interest.Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-87560226006412364082008-11-30T21:22:00.000-05:002008-11-30T21:22:00.000-05:00Hi. Sorry for writing the comment in this article:...Hi. Sorry for writing the comment in this article:<BR/><BR/>Are you going to publish the rankings of the best books you read this year?<BR/><BR/>Please, please, please do so!Anonymousnoreply@blogger.com