Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Linux » Snort is not compiling into mysql on CentOS x86_64 version

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

Snort is not compiling into mysql on CentOS x86_64 version


Posted by HoolmaaD on March 01, 2006 08:57:05

I understand the library locations are non-standard, and that mysql libraries install under /usr/lib64 rather than /usr/lib, but even when telling it to configure --with-mysql=/usr/lib64 (and 100 other iterations), I continue to still get: Cannot find mysqlclient libraries, and/or Cannot find mysql header locations. I have copied/moved the /include directory, the lib64/mysql locations around, even edited the ./configure script, and I get nothing but the two errors continually. I have tried ./configure --enable-mysql --with-mysql-libraries=/usr/lib64/mysql --with-mysql-includes=/usr/include/mysql and it runs through the script without error. Then when I attempt to start Snort, it tells me: Snort is not configured to run with mysql in the error log.

I have gone through this on Suse 8.0, 9.0, 10, Enterprise, Workstation, Fedora Core 2.0, 3.0, CentOS 4.0, 4.1, 4.2, RHEL 4.0 etc etc. I have tried using source, which seems everyone's favorite solution to the problem; I have tried installing from rpm's, using the packages compiled FOR each particular platform. As long as I remain in the 32-bit world, everything works fine; as soon as I attempt an install on a 64-bit platform, the snort compilation fails everytime.

What is the "magic" configure script, or what command line switches do I need to use to get the script to truly compile?

Posted by pteran on March 30, 2006 12:04:09

Hi there,

You must try using soft links like theese:

ln -s /usr/include/mysql /usr/lib64/mysql/include
ln -s /usr/lib64/mysql /usr/lib64/mysql/lib

and of course issue the configure command like this:

./configure --with-mysql=/usr/lib64/mysql

I hope that helps,

PT

Posted by LouParisi on June 10, 2006 17:06:11

I plan to compile on CentOS 64 bit and have seen a few posts regarding compile errors for 64 bit. The suggested solution in each case seems to be to add sim links and compile with the 64 bit mysql path for the configure script but no one has responded back that this worked for them.

Did the solution provided resolve your problem compiling for 64 bit CentOS?

Posted by Kro77 on June 14, 2006 09:58:06

Trying it now with 64bit RHEL4, and after using the LN bit of magic you provided, the regular rpm did not install, but it finall compuled.. Thanks so much pteran.

Posted by Kro77 on June 15, 2006 08:20:54

While this does compile i have nto been able to actually get the binary to log to the MySQL database using this method..

Posted by LouParisi on June 24, 2006 10:21:42

Just as a follow-up to let others know, I was able to get snort to compile on CentOS 4 x86_64 with the symbolic links provided. It would not compile without them. Also note that my location for the mysql.sock file was not standard so I had to add a symbolic link for this also. There may be a place to configure this but I could not find it.

When I ran snort to test the install (snort -c /etc/snort/snort.conf -v) I got the error:
ERROR: database: mysql_error: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

On my system the mysql configuration has the socket file mysql.sock in /usr/local/mysql so I created the symbolic link:
ln -s /usr/local/mysql /var/lib/mysql

After this snort ran and successfully logged in to mysql

One thought for those compiling successfully but not logging to mysql, be sure snort is using your configuration file that specifies mysql by giving the -c option in your start command.

Be sure to turn on logging to mysql in your conf file:
output database: log, mysql, dbname=snort user=snort password=snort host=localhost
output database: alert, mysql, dbname=snort user=snort password=snort host=localhost

Generally I found that if mysql is configured in your snort.conf file and it does not connect to the database on startup then you will get an error so if you are not seeing an error and not getting anything in mysql then it is probably not configured properly in the configuration file or you are not using the configuration file at startup that you think you are.

Posted by GemNEye on July 19, 2007 11:16:19

I used the following command to compile the source RPMs on CentOS 4.5 x64.

CFLAGS="-I/usr/lib64/mysql -I/lib64" LDFLAGS="-L/usr/lib64/mysql -L/lib64 -L/usr/lib64" rpmbuild -bb snort.spec --with mysql

it produces:
snort-2.7.0-1.x86_64.rpm
snort-mysql-2.7.0-1.x86_64.rpm

Posted by GemNEye on August 06, 2007 15:52:10

After upgrading to MySQL version 5 I used the following commands to build RPMs from the source rpm file.

MYSQL_LIB_DIR=/usr/lib64/mysql CFLAGS="-I/usr/lib64/mysql -I/lib64 -I/usr/include/mysql" LDFLAGS="-L/usr/lib64/mysql -L/lib64 -L/usr/lib64" rpmbuild -bb snort.spec --with mysql
site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.