[Snort-users] Followup: 1.8.7 on Solaris 8

Erek Adams erek at ...577...
Wed Aug 14 16:01:03 EDT 2002

Works like a champ for me, except for a tweak need for ./configure--see note

Ok,  here's what I did.

	*  built and installed bison and flex
	*  built and installed libpcap 0.7.1 from tcpdump.org
	*  gunziped and untar'ed the 1.8.7 tarball.

Then from inside the snort build dir:

	* ./configure
	* make
	* make install

And the output from the last of the make:


gcc  -g -O2 -Wall  -o snort  snort.o log.o decode.o mstring.o rules.o
plugbase.o  sp_pattern_match.o sp_tcp_flag_check.o sp_icmp_type_check.o
sp_icmp_code_check.o sp_ttl_check.o sp_ip_id_check.o sp_tcp_ack_check.o
sp_tcp_seq_check.o sp_dsize_check.o spp_http_decode.o spp_portscan.o
sp_ipoption_check.o sp_rpc_check.o sp_icmp_id_check.o  sp_icmp_seq_check.o
sp_respond.o spo_alert_syslog.o spo_log_tcpdump.o  spo_database.o sp_session.o
spp_defrag.o parser.o spo_alert_fast.o  spo_alert_full.o spo_alert_smb.o
spo_alert_unixsock.o sp_react.o  spo_xml.o sp_ip_tos_check.o snprintf.o
checksum.o spp_tcp_stream2.o  sp_reference.o sp_ip_fragbits.o spp_anomsensor.o
tag.o spp_unidecode.o  codes.o strlcpyu.o strlcatu.o debug.o
sp_tcp_win_check.o  spp_rpc_decode.o spp_bo.o spp_telnet_negotiation.o
spo_csv.o  sp_ip_same_check.o sp_priority.o sp_ip_proto.o ubi_BinTree.o
ubi_SplayTree.o spo_unified.o spp_stream4.o spp_frag2.o spp_arpspoof.o
spo_idmef.o spo_SnmpTrap.o spo_log_null.o  -lpcap -lm -lsocket -lnsl
[root at ...3978...]/local/build/snort-1.8.7#make install
Making install in win32
Making install in WIN32-Code
Making install in WIN32-Includes
Making install in libnet
Making install in mysql
Making install in rpc
Making install in WIN32-Libraries
/bin/sh ./mkinstalldirs /usr/local/bin
  /usr/local/bin/install -c  snort /usr/local/bin/snort
make  install-man8
/bin/sh ./mkinstalldirs /usr/local/man/man8
 /usr/local/bin/install -c -m 644 ./snort.8 /usr/local/man/man8/snort.8
[root at ...3978...]/local/build/snort-1.8.7#


Make sure you've got your patches uptodate.  There was a M4 patch in the last
set, IIRC.

Hope this helps!

Erek Adams

More information about the Snort-users mailing list