[Snort-users] errors compiling 1.87 with mysql on openbsd

Oliver Bode oliver at ...6319...
Sun Jul 14 00:38:06 EDT 2002

> I've had the same error with the snort version used in Openbsd's ports
> tree in 3.1, downloading and installing Snort Version 1.8.6 (Build 105)
> from snort.org took care of it.

> >Anyway, I want to now sniff my pflogs and put them into mysql. The
> >is that when I type the following command:
> >
> >/usr/local/bin/snort -r /var/log/pflog
> >
> >I get the following error:
> >
> >/usr/local/bin/snort cannot handle data link type 17
> >
> >I can read pflog with tcpdump but not with snort. Is there another way
> >around this or am I doing something wrong.

I followed your advice and tried to compile 1.87 with mysql and it doesn't
work. After downloading the file I do the following:

whereis mysql
./configure --with-mysql=/usr/local/bin/mysql

Then I get this error:

checking for mysql...

  ERROR: unable to find mysql headers (mysql.h)
  checked in the following places

So then I configure using the directory that mysql.h is in

find / -name mysql.h

./configure --with-mysql=/usr/local/include/mysql

make install

everything looks like it is working until I fire it up with this command:

/usr/local/bin/snort -c /usr/local/share/examples/snort/snort.conf

then I get:

database: mysql support is not compiled in this copy

More information about the Snort-users mailing list