Since dec 2006
1'942'871 Visitors
4'218'042 Pages

Nov 2010 Stats
82'909 Visitors
146'476 Pages
196 countries
Full statistics

Help us translate
our tutorials!

JOIN the
OpenManiak Team.
Blaise Carrera
Tutorials creation:
Blaise Carrera
Giovanni Fredducci
Angel Chraniotis
Moham. H. Karvan
Alexandro Silva
Blaise Carrera
Andrei Chertolyas
Sergiy Uvarov
Nickola Kolev
Łukasz Nowatkowski
Ivo Raisr
Catalin Bivolaru
Bogdan A. Costea
Kirill Simonov
Oliver Mucafir
JaeYoung Jeon
Seungyoon Lee
Jie Yu & Si Cheng
Tao Wei
Fumihito Yoshida
Muhammad Takdir
Çağdaş Tülek
Leslie Luthi
Joe Anderson
Jennifer Ockwell
Nigel Titley
Alison Rees
Sabrina Barbey
Blaise Carrera
SNORT_INLINE - The Easy Tutorial - Tutorial

Snort_Inline Tutorial
Last Change : Apr 23 2007 french flagenglish flag


Details What is Snort_Inline?
Oinkmaster - Snort Rules
Oinkmaster - Bleeding Rules
Run Snort_Inline

If you like our tutorials, don't hesitate to support us and visit our sponsors!
Si vous aimez nos tutoriaux, n'hésitez pas à nous supporter et visiter nos sponsors!

Let's install Snort_Inline.
You must install the prerequisite tools to be able to compile Snort_Inline successfully.


Download Snort_Inline and uncompress it.

#tar -xvf snort_inline-2.4.5a.tar.gz
Create two directories, one to store the configuration files, the other one to store the Snort rules.

#mkdir /etc/snort_inline
#mkdir /etc/snort_inline/rules
Copy the Snort_Inline configuration files inside the /etc/snort_inline/ directory.

#cp snort_inline-2.4.5a/etc/* /etc/snort_inline/
Inside the /etc/snort_inline/snort_inline.conf file, look for the line beginning by "var RULE_PATH" and change it as below:

var RULE_PATH /etc/snort_inline/rules
Copy two files inside our new /etc/snort_inline/rules directory:
- classification.config: defines URLs for the references found in the rules.
- reference.config: includes information for prioritizing rules.

#cp snort_inline-2.4.5a/etc/classification.config /etc/snort_inline/rules/
#cp snort_inline-2.4.5a/etc/reference.config /etc/snort_inline/rules/
Create a log directory:

#mkdir /var/log/snort_inline

Get information about the MySQL database.

Add a password for the MySQL root user:

#mysqladmin -u root password new_root_password
Create the MySQL database and tables in order to receive the Snort logs:

#mysql -u root -p
>create database snort;
Since it is dangerous to access the database with the root user, we need to create a user who has permissions on the snort database only:

>grant all on snort.* to snortuser@localhost identified by 'snortpassword';
Reload the MySQL privileges:

>flush privileges;
Now we have to create the tables inside the snort database:
By chance the tables are already created, we just have to find and import them into the SQL server:

#mysql -u root -p snort < snort_inline-2.4.5a/schemas/create_mysql
Configure the MySQL database settings:
Open the snort_inline.conf file:

#vi /etc/snort_inline/snort_inline.conf
After the line with "output alert_fast: snort_inline-fast", add:

output database: log, mysql, user=snortuser password=snortpassword dbname=snort host=localhost


You need first to use commands to check the dependencies and prepare the tool to be compiled for MySQL.

#cd snort_inline-2.4.5a
#./configure --with-mysql
If you installed all the dependencies correctly, the "configure" command must end without any error!
If you have an error message, see the bottom of the page.

Then we compile and install Snort_Inline.

See the CheckInstall page for more details about this command.
Below the output on our test system:

checkinstall 1.6.0, Copyright 2002 Felipe Eduardo Sanchez Diaz Duran
This software is released under the GNU GPL.

The package documentation directory ./doc-pak does not exist.
Should I create a default set of package docs? [y]: y

Preparing package documentation...OK

Please write a description for the package.
End your description with an empty line or EOF.

**** Debian package creation selected ***

*** Warning: The package name "snort_inline-2.4.5a" contains underscores.
*** Warning: dpkg might not like that so I changed
*** Warning: them to dashes.

This package will be built according to these values:

0 - Maintainer: [ root@ubuntu ]
1 - Summary: [ Package created with checkinstall 1.6.0 ]
2 - Name: [ snort-inline-2.4.5a ]
3 - Version: [ BETA1 ]
4 - Release: [ 1 ]
5 - License: [ GPL ]
6 - Group: [ checkinstall ]
7 - Architecture: [ i386 ]
8 - Source location: [ snort_inline- ]
9 - Alternate source location: [ ]
10 - Requires: [ ]

Error messages you can get after the "./configure" command:

You don't have the build-essential metapackage:

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... no
checking whether to enable maintainer-specific portions of Makefiles... no
checking for style of include used by make... none
checking for gcc... no
checking for cc... no
checking for cc... no
checking for cl... no
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details.

You don't have the libnet package:

ERROR! Libpcap library/headers not found, go get it from
or use the --with-libpcap-* options, if you have it installed
in unusual place

You don't have the libpcre3-dev package:

ERROR! Libpcre header not found, go get it from

You don't have the iptables-dev package:

checking for libipq.h... no
configure: error: libipq.h not found ...

You don't have the libmysqlclient12-dev package:

ERROR: unable to find mysql headers (mysql.h)
checked in the following places

You don't have the libdnet library:

ERROR! Libdnet header not found, go get it from or use the --with-dnet-*
options, if you have it installed in an unusual place

If you liked our tutorials, don't hesitate to support us and visit our sponsors!
Si vous aimez nos tutoriaux, n'hésitez pas à nous supporter et visiter nos sponsors!