[Snort-devel] Compress snort

Martin Olsson elof at ...969...
Fri Oct 15 04:33:04 EDT 2004

On Thu, 14 Oct 2004, Arpan Acharya wrote:
> I need to compress the whole of snort into one single file for a
> project. I don't have to use all the features of snort, just the main
> ones. Just a few rules and preprocessors. I need to remove all the
> file accesses in snort. Please suggest a way to go about it. If
> someone had done something on the same lines, please share the
> experience with me. It would be really helpful to me in my project.

I don't know if I understand your question correctly, but here is how I do

I only use three files: snort, snort.conf and unicode.map

1. Install PCRE- and MySQL-libs on your development machine.
2. Unpack the snort source and run ./configure --with-mysql
3. Edit src/Makefile to statically include pcre- and mysql-libs in the
   snort binary:
   LIBS = -lz /usr/...../libpcre.a -lpcap -lm /usr/...../libmysqlclient.a
4. make
5. strip src/snort
6. copy src/snort to some other machine
7. Create your snort.conf
   Put everything in snort.conf (variables, configuration options,
   preprocessors, output plugins, references, classifications, rules and
8. copy your snort.conf to the other machine
9. copy etc/unicode.map to the other machine

There you have it. The other machine only needs these three files to run
snort with mysql-support.

(If you don't use the preprocessor http_inspect you don't even need the
file unicode.map, only two files needed)
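
An added example, not part of the original post: a pre-copy check that a merged snort.conf really has no `include` directives left and reports whether http_inspect still references a unicode map file. The function names `conf_deps` and `bundle_ok` and both sample configs are constructed for illustration; `include` and `iis_unicode_map` are the Snort 2.x configuration keywords.

```shell
#!/bin/sh
# conf_deps FILE: print "kind<TAB>path" for each file FILE still reads at startup.
conf_deps() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            buf = buf $0
            if (sub(/\\[ \t]*$/, " ", buf)) next  # join backslash-continued lines
            $0 = buf; buf = ""
            if ($1 == "include") {
                print "include\t" $2
            } else if ($1 == "preprocessor" && $2 ~ /^http_inspect/) {
                for (i = 3; i < NF; i++)
                    if ($i == "iis_unicode_map") print "unicode_map\t" $(i + 1)
            }
        }' "$1"
}

# bundle_ok FILE: succeeds only when no include directive is left in FILE,
# i.e. the binary, FILE and (optionally) the unicode map are all that is needed.
bundle_ok() {
    ! conf_deps "$1" | grep -q '^include'
}

# Constructed sample configs (not taken from a real deployment).
tmp=$(mktemp -d)
cat > "$tmp/merged.conf" <<'EOF'
var HOME_NET any
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
alert tcp any any -> $HOME_NET 80 (msg:"constructed test rule"; sid:1000001;)
EOF
cat > "$tmp/split.conf" <<'EOF'
var RULE_PATH ../rules
include classification.config
include $RULE_PATH/local.rules
EOF

for f in "$tmp/merged.conf" "$tmp/split.conf"; do
    if bundle_ok "$f"; then echo "$f: self-contained"; else echo "$f: still has includes"; fi
    conf_deps "$f"
done
```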


