Snort 2.8.1 on Mac OSX Leopard with MAMP and Macports
I made a few notes here about what I needed to do to get the latest Snort going on OSX 10.5.2.
I followed the excellent directions on Mark Duling's site, here (hope it doesn't disappear like many .Mac sites do), but these were OSX 10.4/Tiger specific.
I have used a combination of Macports / MAMP and self compiled the latest Snort
This is the split roughly:
Macports for BASE, ADODB, Mysql libraries (snort is way out of date on Macports, so I skipped it)
MAMP to host it (which includes PHP5 and Mysql managed via a nice GUI)
So here follow my really rough notes on the differences between what I did and what is noted on the halfdozen site:
iMac-G5:~ cooper$ cat .profile
PATH=/Applications/MAMP/Library/bin:$PATH:/opt/local/bin:/opt/local/sbin; export PATH
cat create_mysql | mysql -u root -p snort
mysql -u root -p
cd /opt/local/share/base/sql
cat create_base_tbls_mysql.sql | mysql -u root -p snort
mysql -u root -p
Compiling / configuring notes
Compile snort using Macports mysql libraries:
export LD_TWOLEVEL_NAMESPACE=1
export MACOSX_DEPLOYMENT_TARGET=10.5
./configure --with-mysql --with-mysql-includes=/opt/local/include/mysql5/mysql/ --with-mysql-libraries=/opt/local/lib/mysql5/mysqsudo
Copy the latest rules downloaded from Snort into Snort's rules directory (after registering on http://www.snort.org/)
(I am now using oinkmaster.pl for this)
cp * /usr/local/etc/snort/rules sudo
Modify the loader script installed by Macports so that it points to the snort binary in /usr/local/bin
vi /opt/local/share/snort/snort.sh
Kludge to get Snort to read the MAMP Mysql socket (you need to have the macports mysql installed as well you see, but not running, and this confuses things)
sudo ln -s /Applications/MAMP/tmp/mysql/mysql.sock /opt/local/var/run/mysql5/mysqld.sock
Start snort:
sudo /usr/local/bin/snort -i en1 -c /usr/local/etc/snort/snort.conf
Make it load at boot time (uses Macports startup scripts)
sudo launchctl load -w /Library/LaunchDaemons/org.macports.snort.plist
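A preflight check for the Snort steps above, added here as an example and not part of the original notes. The paths are the ones used in the notes; the function names, the `ROOT` prefix and the `--run` argument are assumptions. It distinguishes a missing socket symlink from a dangling one, which is the state the kludge is in whenever MAMP's MySQL socket is absent.

```shell
#!/bin/sh
# Added example: preflight for the Snort + MAMP layout described in these notes.
# ROOT is a hypothetical prefix (empty = live filesystem) so the same checks
# can be pointed at a constructed directory tree.
ROOT="${ROOT:-}"

check_binary() {   # self-compiled snort, not the outdated MacPorts one
    if [ -x "$ROOT/usr/local/bin/snort" ]; then echo ok; else echo missing; fi
}

check_rules() {    # rules directory must hold at least one *.rules file
    dir="$ROOT/usr/local/etc/snort/rules"
    if [ ! -d "$dir" ]; then echo missing; return 0; fi
    n=$(find "$dir" -type f -name '*.rules' | wc -l | tr -d ' ')
    if [ "$n" -gt 0 ]; then echo ok; else echo empty; fi
}

check_socket_link() {   # MacPorts socket path -> MAMP's MySQL socket
    link="$ROOT/opt/local/var/run/mysql5/mysqld.sock"
    if [ ! -L "$link" ]; then
        if [ -e "$link" ]; then echo not-a-link; else echo missing; fi
    elif [ ! -e "$link" ]; then
        echo dangling   # link present, target gone: MAMP MySQL is not running
    else
        echo ok
    fi
}

check_plist() {    # launchd job used to start snort at boot
    if [ -f "$ROOT/Library/LaunchDaemons/org.macports.snort.plist" ]; then
        echo ok
    else
        echo missing
    fi
}

preflight() {      # prints one line per check; returns 1 if any is not ok
    rc=0
    for c in binary rules socket_link plist; do
        r=$(check_"$c")
        printf '%-12s %s\n' "$c" "$r"
        [ "$r" = ok ] || rc=1
    done
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` before starting snort; a `not-a-link` result means a real socket sits at the MacPorts path, i.e. the MacPorts MySQL is running rather than MAMP's.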
BASE
More kludges to get BASE working with MAMP
sudo pico /opt/local/share/base/base_conf.php
cd /Applications/MAMP/htdocs/
sudo ln -s /opt/local/share/adodb5 adodb5
Install Pear extensions for graphing in Base:
/Applications/MAMP/bin/php5/bin/pear install Image_Canvas-0.3.1
/Applications/MAMP/bin/php5/bin/pear install Image_Graph-0.7.2
find / -name "*security*" -print