Hi,
I want to install ACID, SNORT, MYSQL for a subnet.
which distro of linux is better for this reason? if there is differences between SuSe, Debian, Redhat or any other Linux distros for snort & ACID?
currently I use SuSE for all my works. whether it is necessary to change my distro or not? I used to SuSE.
please help me.

There really isn't enough differences between any distros to worry about for this. Any of the distros you list (as well as a ton of others) would run those programs just fine. So if you are familiar with Suse, stick with it.

By the way, you may want to look at BASE as a replacement for ACID. ACID development was discontinued quite some time ago, and BASE is a replacement that is actively supported.

Thx Hangdog42,
OK, but I have a problem, for installing snort with mysql, it is necessary to install libmysqlclient-dev, but I could not find this package. I downloaded ibmysqlclient12-dev_4.0.23-3ubuntu2.1_i386.deb, but this is a debian package, I don't know how can I install it on suse. Is there any libmysqlclient-dev RPM or source ?
I heared about BASE too, but I have a question: is there any differences between the quality of BASE and ACID? does BASE have all features of ACID? or may be BASE is better than ACID at all?
please continue helping me!!

I'm afraid I don't know much about Suse repositories (but I did find this page, which has a listing of several places to look), but I would think that Yast should be able to find the package.

Since BASE was developed from ACID, I would expect it to have an improved feature set from ACID. Also, since BASE is being actively developed, while ACID has been abandoned, I would expect BASE to improve in the future.

Thanks alot for ur help
I installed mysql-devel, but there is still an error : " cannot find -lmysqlclient "
but I have installed mysql-devel . what is this error for?

From what I can tell from googling, it is possible that either your mysql libraries didn't get installed, or the compiler can't find them. Try running ldconfig (as root) and see if that doesn't solve the problem. If not, you're going to need to find out what directories your mysql libraries are stored in and make sure that directory is in /etc/ld.so.conf. If it is not, add it and run ldconfig again.

If the path is already there, and ldconfig didn't work, you might want to read through this thread.

Thx lot again 4 ur help.
when I run
#ldconfig -v
I find out that libmysqlclient.so is exist, but when I want to make snort(after configure it with out any error) it said: "can not find lmysqlclient"
what is wrong?

Thanks Hangdog42, I installed mysql-client-standard and my problem solved

Hi, I have installed snort with Base & mysql. now I have 2 questions:
1- where we should install snort on a subnet? on a Gateway? suppose I have a subnet and I want to install snort as my IDS to controll all the trafics go out and come in to the subnet. after a main router?

2- I have problem with graphic in Base. if I must to use jpgraph (In Linux)? or another package?
Now I have installed Image_Graph. but there is a problem: "Failed opening required 'Image/Canvas.php' ", but there is not any Canvas.php file on my system.

Thanks in advance.

I'm going to dodge answering this one because my experience with Snort is limited to my home LAN, where everything needs to run on a single computer. Hopefully someone with more relevant experience will chime in (but do have a look at the Snort FAQ as they have a section on where in your LAN to place Snort). They also have a section on the best way to use Snort to block traffic.

I believe jpgraph is required by BASE. It was an ACID requirement and since BASE is derived from ACID, I suspect the dependency is still there. I'm afraid I'm not familiar with Image_Graph so I'm not going to be a lot of help with that error.