[Snort-users] Re: [rpms] snort-mysql rpm

JP Vossen vossenjp at ...8683...
Mon Feb 9 09:37:02 EST 2004


On 9 Feb 2004, Mark Hutlet wrote:

> Do you know of a resource that can assist me in the installation of the
> snort-mysql-rpm on Redhat9?  I understand that this is probably a dumbass
> question!

I can, at least a little.  It's pretty easy.


> My impression is that I install Snort, then Mysql, and then install the
> RPM that links the two.
>
> Let me know if I'm warm!

It depends on what you want.  If you plan to run everything on 1 box, then you
do need all that.  If you want to run Snort on 1 box and MySQL/ACID, etc. on
another you can do that too, in which case you don't need MySQL on the Snort
box at all.

There is no RPM that "links" the two.  Snort has the basic snort, all the
support files, etc.  snort-mysql has only a snort binary that has mysql
support already compiled in.

See http://www.starken.com/snort/ for the very latest RPMs that haven't made
it to snort.org yet.  Just download the ones you want and try to install them
using something like 'rpm -Uvh snort*.rpm'.  You should end up with something
like this:

/root# ll /usr/sbin/snort*
lrwxrwxrwx  1 root  root       21 Feb  7 02:59 /usr/sbin/snort -> /usr/sbin/snort-mysql*
-rwxr-xr-x  1 root  root     438K Feb  6 00:45 /usr/sbin/snort-mysql*
-rwxr-xr-x  1 root  root     437K Feb  6 00:45 /usr/sbin/snort-plain*

NOTE that 'snort' is a symlink to snort-plain, or what you want in your case,
snort-mysql.

There are also a ton of user/install guides around.  Check snort.org,
http://www.winsnort.com/ and http://www.internetsecurityguru.com/documents,
plus the Snort-users archives at http://www.snort.org/lists.html.

HTH,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?
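
Added example, not part of the original post: a shell check for which build the 'snort' symlink described in the message actually selects after 'rpm -Uvh'. The binary names come from the listing in the message; the function name, the --check argument and the result strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report which Snort build the 'snort' symlink selects.
# snort-mysql / snort-plain are the names shown in the listing above;
# snort_variant and its result strings are hypothetical, made up here.

snort_variant() {
    link=${1:-/usr/sbin/snort}

    # Not a symlink: either absent, or a regular binary from another package.
    if [ ! -L "$link" ]; then
        if [ -e "$link" ]; then echo "not-a-symlink"; else echo "missing"; fi
        return 1
    fi

    target=$(readlink "$link")
    # A relative target is resolved against the directory holding the link.
    case $target in
        /*) ;;
        *)  target=$(dirname "$link")/$target ;;
    esac

    # Dangling link, e.g. the package that owned the target was removed.
    if [ ! -e "$target" ]; then echo "dangling"; return 1; fi
    if [ ! -x "$target" ]; then echo "not-executable"; return 1; fi

    case $(basename "$target") in
        snort-mysql) echo "mysql" ;;
        snort-plain) echo "plain" ;;
        *)           echo "unknown"; return 1 ;;
    esac
}

# Stand-alone use: sh thisfile.sh --check [/usr/sbin/snort]
if [ "${1:-}" = "--check" ]; then
    snort_variant "${2:-/usr/sbin/snort}"
fi
```

A result of "plain" on a sensor that is meant to log to MySQL means the link still points at the build without database support.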




