RE: Snort compiled w/MySQL?

["Botwick, Jason (Genworth, Contractor)" <Jason.Botwick () genworth com>]

Yes, you have to compile it with that switch, and the requisite MySQL
libraries have to be installed on the box you're using to compile. The
easiest way to do that is to install MySQL there, or compile it on your
database server (assuming the sensor and database servers are running the
same OS, architecture, etc). 
 
In terms of deploying, you can either
 
1) Link Snort dynamically (usually the default). In this case, you'll have
to deploy the MySQL libraries (I forget which one or ones, but I think it
was just -lmysqlclient) to your sensor.
2) Link Snort statically. In this case, you only have to deploy the Snort
executable itself to the sensor, but it's a little more work, because you
have to determine how to do this in your environment, and if I remember
right, you have to link MySQL statically too.
 
 -----Original Message-----
From: Larry Wichman [mailto:larrywichman () yahoo com]
Sent: Wednesday, October 13, 2004 11:09 AM
To: Snorty S Snortman
Subject: [Snort-users] Snort compiled w/MySQL?



I want to have a snort box send alerts to a MySQL database on another box.
Do I still need to compile it usisng "--with-mysql=/usr/local/mysql"? If so,
does this mean that I have to install MySQL on the Snort box even though it
will be sending alerts to another box?

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com