How can I use the source RPM to recompile SNORT to use MySQL. I would like to do this so I can use ACID for SNORT. Or, does the SNORT from the /people directory on the ftp server have this built-in? Thanks! NeoFax
On Wednesday 13 February 2002 19:59, Milnes Terry SSgt 52 LG/LGO wrote:
How can I use the source RPM to recompile SNORT to use MySQL. I would like to do this so I can use ACID for SNORT. Or, does the SNORT from the /people directory on the ftp server have this built-in? Thanks!
No, it doesn't. Get the SRPM, either the one on the SuSE CDs or the one on SuSE's FTP site. Install it. Then go to /usr/src/packages/SPECS and edit snort.spec. To the ./configure options, add "--with-mysql=/usr/" (should be pretty obvious where to put it).

Build your own RPM for snort. Do this with:

  rpm -bb /usr/src/packages/SPECS/snort.spec

This will build it according to the modified .spec file you've created, and should create a binary rpm that you can then install, which will be located in /usr/src/packages/RPMS/i386/.

  rpm -i /usr/src/packages/RPMS/i386/snort-1.8.1-65.i386.rpm

(is the applicable one for my system.) That should create the binary you need, which will be capable of logging to a MySQL database.

Once that's done, you have to edit snort.conf to make sure that Snort logs to the database; the applicable line in my snort.conf is:

  output database: alert, mysql, user=root dbname=snort password=xxx host=localhost

(note: password has been changed!) That's in the section marked "Step #3: Configure output plugins".

http://www.linuxdoc.org/HOWTO/Snort-Statistics-HOWTO/index.html has the full lowdown on how to get everything running OK, once you've got Snort MySQL support working.

Hope this gets you some of the way anyway; it took me a while to get ACID working to my satisfaction!

cheers,
Gideon.
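The procedure in Gideon's reply, written out as shell functions. This is an added example, not code from either poster or from the Snort or SuSE projects. It assumes SuSE's /usr/src/packages tree, a snort.spec whose %build section contains a "./configure" line, and placeholder database credentials; the sample spec and snort.conf it edits are constructed for the demo. Two departures from the reply are deliberate: the database line uses a dedicated MySQL account rather than root, since the sensor only needs the rights the output plugin uses, and snort.conf is made owner-readable only because the line carries a password in clear text.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions: SuSE build tree
# under /usr/src/packages, a spec with a "./configure" line, placeholder
# credentials (user "snort", db "snort"). Sample files below are constructed.

# 1. Add --with-mysql=/usr/ to the ./configure line of snort.spec.
#    The option is inserted directly after the ./configure token, so a
#    configure line continued with a trailing backslash stays intact.
#    Idempotent: a second call changes nothing. Prints the resulting line.
add_mysql_to_spec() {
    spec="$1"
    if ! grep -q -- '--with-mysql' "$spec"; then
        tmp="$spec.tmp.$$"
        sed 's|^\([[:space:]]*\./configure\)|\1 --with-mysql=/usr/|' "$spec" > "$tmp" \
            && mv "$tmp" "$spec"
    fi
    grep '^[[:space:]]*\./configure' "$spec"
}

# 2. Build the binary RPM from the edited spec. Current rpm ships the build
#    step as rpmbuild; the 2002 reply used "rpm -bb", which is kept as the
#    fallback. The package lands under /usr/src/packages/RPMS/<arch>/.
#    (Not called by the demo: it needs a real SRPM installed.)
build_snort_rpm() {
    spec="${1:-/usr/src/packages/SPECS/snort.spec}"
    if command -v rpmbuild >/dev/null 2>&1; then
        rpmbuild -bb "$spec"
    else
        rpm -bb "$spec"
    fi
}

# 3. Point the output plugin at MySQL ("Step #3" section of snort.conf).
#    Any active "output database:" line is dropped and the new one appended
#    whole, so the four key=value fields are never half-updated; commented
#    lines are left alone. chmod 0600 because the file now holds a password.
#    Prints the resulting line.
set_snort_db_output() {
    conf="$1"; user="$2"; dbname="$3"; password="$4"; host="${5:-localhost}"
    tmp="$conf.tmp.$$"
    grep -v '^output database:' "$conf" > "$tmp" || :
    printf 'output database: alert, mysql, user=%s dbname=%s password=%s host=%s\n' \
        "$user" "$dbname" "$password" "$host" >> "$tmp"
    mv "$tmp" "$conf"
    chmod 0600 "$conf"
    grep '^output database:' "$conf"
}

# Demo on constructed sample files (placeholder password, not a real one).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/snort.spec" <<'EOF'
%build
./configure --prefix=/usr \
    --enable-smbalerts
make
EOF
    cat > "$d/snort.conf" <<'EOF'
# Step #3: Configure output plugins
output alert_syslog: LOG_AUTH LOG_ALERT
# output database: log, postgresql, user=snort dbname=snort
EOF
    add_mysql_to_spec "$d/snort.spec"
    set_snort_db_output "$d/snort.conf" snort snort 'changeme' localhost
    rm -rf "$d"
}

demo
```

Running the script prints the two edited lines; on a real SuSE system you would then run build_snort_rpm, install the package from /usr/src/packages/RPMS/<arch>/, and create the MySQL account named in the output line with only the privileges Snort's database plugin needs on the snort database.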
participants (2)
- Gideon Hallett
- Milnes Terry SSgt 52 LG/LGO