snort installation from source
 

So I've downloaded snort-2.8.4.1.tar.gz snortrules-snapshot-2.8.tar.gz (the 'registered user' rules). I extracted snort-2.8.4.1.tar.gz. There's no INSTALL or README or any form of installation instruction in this archive (or the main snort.org website), but a ./configure && make && make install seems to install fine. What do I do with snortrules-snapshot-2.8.tar.gz? Do I extract directly to /usr/local (the ./configure prefix)? And how do I build the rules for my distro?

If the tarball doesn't contain a doc/ dir and if snort.org didn't contain a docs/ dir that statement would be true.


Running './configure --help' gets you a listing of the available options. No need to come back later to say it doesn't work if you didn't bother to read and compile needed options.


That depends on your snort.conf settings but usually rules go in /etc/snort/rules.


You didn't list any: fill in your details in your control panel.

Okay, sorry, I should have looked closer. I've got snort installed on my slackware box and it runs fine the the packet sniffer mode. I copied the rules/ directory in the snortrules archive to /etc/snort/rules, edited the snort.conf file to reflect my changes, and it seems to be working (I see alerts in /var/log/snort). However, I'm still wondering what the so_rules directory is-- it contains precompiled libraries for other distros, but cannot figure out how to compile them or where to install them.

http://vrt-sourcefire.blogspot.com/2...ect-rules.html ?