[Snort-users] Re-Compiling Snort?

Joel Esler (jesler) jesler at ...589...
Mon Feb 17 13:27:00 EST 2014


./configure --enable-sourcefire should get you the best default options.


On Feb 17, 2014, at 1:13 PM, Y M <snort at ...15979...> wrote:

Hi Matt,

Snort's support for MySQL has been deprecated since Snort version 2.9.3. What you probably want is to output to unified2 format and let Barnyard2 parse the logs and insert them into the database. If the sole purpose of recompiling Snort is to add MySQL support, then you do not need to reconfigure things.

If you are configuring Snort version 2.9.6.0 for the dynamic plugin, you may get this (I do):

configure: WARNING: unrecognized options: --enable-dynamicplugin

I believe this is built-in/hardened now, but I am not sure. You may find more information about this in the changelog.

Regarding the reconfiguration in general, you can reconfigure Snort on the same box, then use make clean, make install and the compiled binary should be replaced.

YM

________________________________
To: snort-users at lists.sourceforge.net
From: MMartin at ...16693...
Date: Mon, 17 Feb 2014 12:51:20 -0500
Subject: [Snort-users] Re-Compiling Snort?

Hey All,

Installed Version: Snort v2.9.6.0
OS: OpenSuSE 12.3 (x86_64)

I have already downloaded/installed and configured Snort on my server running OpenSuSE 12.3, and everything seems to be working just fine.

But when I compiled/configured Snort I did NOT include any of the MySQL Options, in order to configure MySQL for BASE and Barnyard2. But I would like to get these 'add-ons' for Snort going if I can. So would I be able to Re-Compile/Re-Configure Snort and just replace whichever files would need replacing after re-compiling, if possible... Does that make sense?

I don't believe I included any options along with the "./configure" command(s) when I ran them initially, as far as I remember...

I did find this guide below for Configuring Snort with BASE, Barnyard2, Oinkmaster, and MySQL. But I didn't find this until after I already installed Snort.
        This is the Guide I found --> http://freelinuxtutorials.com/tutorials/installing-ids-using-snort-with-oinkmaster-barnyard-and-base-on-rhelcentos-64-bit/

And the command I SHOULD have run when I first configured Snort to include MySQL was:
        ./configure --with-mysql --enable-dynamicplugin --with-mysql-libraries=/usr/lib64/mysql

I already have all the prerequisites installed, so could anyone tell me what I would need to do if I want to achieve this? Would I just re-run the configure, make and make install commands with the appropriate command line options this time, on a fresh copy of Snort and just replace the already existing files..?

Any thoughts or suggestions would be much appreciated!

Thanks in Advance,
Matt
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
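The "unrecognized options" message quoted in the thread above is only a warning: configure carries on, so a build can finish without the feature that was requested. As an added example (not part of the original thread and not Snort project code), this shell function checks requested flags against the text of `./configure --help` before building; the name `check_flags` and the help sample are constructed for illustration.

```sh
# Constructed sample of `./configure --help` output; it is NOT captured from a
# real Snort source tree. Feed the function the real help text of your tree.
SAMPLE_HELP='Optional Features:
  --enable-sourcefire           (constructed description)
  --disable-example-feature     (constructed description)
Optional Packages:
  --with-example-libraries=DIR  (constructed description)'

# check_flags HELP_TEXT FLAG...
# Prints "ok FLAG" or "unrecognized FLAG" for each flag.
# Returns 1 if at least one flag is not advertised in HELP_TEXT, else 0.
check_flags() {
    cf_help=$1
    shift
    cf_rc=0
    for cf_flag in "$@"; do
        cf_name=${cf_flag%%=*}    # drop "=value": --with-x=/path -> --with-x
        # Help text lists only one spelling of each switch, so accept the
        # enable/disable and with/without counterpart as well.
        case $cf_name in
            --enable-*)  cf_alt=--disable-${cf_name#--enable-} ;;
            --disable-*) cf_alt=--enable-${cf_name#--disable-} ;;
            --with-*)    cf_alt=--without-${cf_name#--with-} ;;
            --without-*) cf_alt=--with-${cf_name#--without-} ;;
            *)           cf_alt=$cf_name ;;
        esac
        # The option must start an indented help line and end at "=", "[",
        # whitespace or end of line, so --with-mysql does not match a line
        # that documents --with-mysql-libraries.
        if printf '%s\n' "$cf_help" |
            grep -Eq "^[[:space:]]+(${cf_name}|${cf_alt})(=|\\[|[[:space:]]|\$)"; then
            echo "ok $cf_flag"
        else
            echo "unrecognized $cf_flag"
            cf_rc=1
        fi
    done
    return "$cf_rc"
}

# Typical use from the top of an unpacked source tree (flags from this thread):
#   check_flags "$(./configure --help)" --enable-sourcefire --with-mysql \
#       --enable-dynamicplugin --with-mysql-libraries=/usr/lib64/mysql
```

A non-zero return is the cue to drop or replace the flag before running `make`, rather than discovering the missing feature after `make install`.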