Building Snort 2.8.0 on MAC OSX 10.5 (Leopard)
Posted on June 20, 2008 in How-to
From: Steven Sturges <steve.sturges@sourcefire.com>
For those who use Snort on a MAC, this might be helpful...
The following is courtesy of Martin Fong, who's helped us track down
an issue seen when starting Snort w/ dynamic preprocessor libraries
on MAC OSX 10.5. The text below will be included with in the
MAC OSX section of doc/INSTALL in the next release as well.
------
For users of Max OSX 10.5 (Leopard), the following environment variables
must be set before running configure & make.
Reference information for MAC OSX 10.5 (Leopard) can be found at these
two links.
$ export LD_TWOLEVEL_NAMESPACE=1
$ export MACOSX_DEPLOYMENT_TARGET=10.5
$ ./configure
$ make
------
Also, with Snort 2.8.0, the dynamicengine line in the default
snort.conf must be updated to load libsf_engine.dylib, instead of
libsf_engine.so. The following line:
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
Should be changed to:
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.dylib
Happy (MAC) Snorting. :)
Cheers.
-steve
Update:
If you run into a Bus error:
* MAC OSX
---------
On Darwin (maybe others), the configure script shipped as part of the
source distribution needs to be recreated. To do this, run the
following commands:
aclocal -I m4
autoheader
automake --add-missing --copy
autoconf
If you plan to use the dynamic plugin capability (ie,
configure --enable-dynamicplugin), snort needs to be linked using
the two level namespace. To do this, set the LD_TWOLEVEL_NAMESPACE
environment variable to something prior to running configure.
An example:
$ export LD_TWOLEVEL_NAMESPACE=1
$ export MACOSX_DEPLOYMENT_TARGET=10.5
$ configure --enable-dynamicplugin