+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.135 2008/11/23 15:29:38 vanquirius Exp $

+

+*snort-2.8.3.1 (23 Nov 2008)

+

+ 23 Nov 2008; Marcelo Goes <vanquirius@gentoo.org>

+ +files/snort-2.8.3.1-libnet.patch, +snort-2.8.3.1.ebuild:

+ 2.8.3.1 version bump with many changes for bug 245752. Thanks to Jason

+ Wallace <jason.r.wallace at gmail dot com> and Antixrict <antixrict at

+ inbox.lv> for the rewrite. Currently in package.mask for testing.

+-----BEGIN PGP SIGNED MESSAGE-----

+Hash: SHA1

+

+AUX snort-2.8.3.1-libnet.patch 8954 RMD160 eb6a2eac6f6005bf8118afeeda6ea52675470156 SHA1 7370bc6c97417cf78a57f8d3f3c3bc3365ce2d56 SHA256 e3edce56ba0568d1db75accc7afb0b86d3de7034aba20daf0f61bf32770b3c2a

+DIST Community-Rules-CURRENT.tar.gz 112052 RMD160 089916a6bf6db1fe56516d996dd7e062f5e96837 SHA1 8cd478c75e85f5da82d0fc4ebd29572e13066c7d SHA256 4f30a63d6a1cb4a8016540dffef99269c031cbee7ffeedf34d5bfbcd96cea417

+DIST snort-2.8.3.1.tar.gz 4309333 RMD160 53ab2df684ba327718d3dac1c8efa21c3ae05248 SHA1 384203f68e2000c490bbc5a5a2724b0b74d10e74 SHA256 edda7a8c3fe96623729ba0f34c2bda23c15a47a063bafdfc1e397680c2538d86

+EBUILD snort-2.8.3.1.ebuild 9632 RMD160 7ababc187c321e3ba27cf52b9b4e57ff68ff8c82 SHA1 0188b46c3a754c084e75cca5d658fa19e77f2a4e SHA256 83fa764e1963d1c0c2a6cae6e4fc328ae767ae1635705e4de4536bffe64d362c

+MISC ChangeLog 24202 RMD160 de30e4b16a5d0a283989602882dfd5905b68fa26 SHA1 a2f17148ff4dbf938d6f1a814433d82c69c4ddc1 SHA256 a568a31451c9a30f9653d47e4cc736a3f8d950039574959af0002031d4e0537a

+-----BEGIN PGP SIGNATURE-----

+Version: GnuPG v2.0.9 (GNU/Linux)

+

+iEYEARECAAYFAkkpdtQACgkQrV3T0ZYD7E6BlACfStjGynBRcNJXKUDH6DMcWe26

+LvwAn1Il/AG5/TLSfxprWI68zMZHaJqF

+=p3tZ

+-----END PGP SIGNATURE-----

+diff -ru snort-2.8.3.1/configure.in snort-2.8.3.1_gentoo/configure.in

+--- snort-2.8.3.1/configure.in 2008-09-15 10:45:24.000000000 -0400

++++ snort-2.8.3.1_gentoo/configure.in 2008-11-03 16:34:41.000000000 -0500

+@@ -1151,19 +1151,19 @@

+ else

+ libnet_dir="/usr/include /usr/local/include /sw/include"

+ fi

+- AC_MSG_CHECKING("for libnet.h version 1.0.x")

++ AC_MSG_CHECKING("for libnet-1.0.h version 1.0.x")

+ for i in $libnet_dir; do

+- if test -r "$i/libnet.h"; then

++ if test -r "$i/libnet-1.0.h"; then

+ LIBNET_INC_DIR="$i"

+ fi

+ done

+

+ if test "$LIBNET_INC_DIR" != ""; then

+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0 >/dev/null"; then

+- FAIL_MESSAGE("libnet 1.0.x (libnet.h)", $LIBNET_INC_DIR)

++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0 >/dev/null"; then

++ FAIL_MESSAGE("libnet 1.0.x (libnet-1.0.h)", $LIBNET_INC_DIR)

+ fi

+- CFLAGS="${CFLAGS} `libnet-config --defines` `libnet-config --cflags`"

+- LIBS="${LIBS} `libnet-config --libs`"

++ CFLAGS="${CFLAGS} `libnet-1.0-config --defines` `libnet-1.0-config --cflags`"

++ LIBS="${LIBS} `libnet-1.0-config --libs`"

+ CPPFLAGS="${CPPFLAGS} -I${LIBNET_INC_DIR}"

+ AC_MSG_RESULT($i)

+ else

+@@ -1185,8 +1185,8 @@

+ [ --enable-flexresp Flexible Responses on hostile connection attempts],

+ enable_flexresp="$enableval", enable_flexresp="no")

+ if test "x$enable_flexresp" = "xyes"; then

+- CPPFLAGS="${CPPFLAGS} -DENABLE_RESPONSE `libnet-config --defines --cflags`"

+- LDFLAGS="${LDFLAGS} `libnet-config --libs`"

++ CPPFLAGS="${CPPFLAGS} -DENABLE_RESPONSE `libnet-1.0-config --defines --cflags`"

++ LDFLAGS="${LDFLAGS} `libnet-1.0-config --libs`"

+ fi

+

+ if test "x$enable_flexresp" != "xno" -a "x$enable_flexresp" = "xyes"; then

+@@ -1196,21 +1196,21 @@

+ exit

+ fi

+

+- if test `libnet-config --cflags | wc -c` = "1"; then

++ if test `libnet-1.0-config --cflags | wc -c` = "1"; then

+ CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include"

+ LIBNET_CONFIG_BROKEN_CFLAGS="yes"

+ fi

+

+- if test `libnet-config --libs | wc -c` = "1"; then

+- AC_MSG_WARN(libnet-config --libs is broken on your system. If you)

++ if test `libnet-1.0-config --libs | wc -c` = "1"; then

++ AC_MSG_WARN(libnet-1.0-config --libs is broken on your system. If you)

+ AC_MSG_WARN(are using a precompiled package please notify the)

+ AC_MSG_WARN(maintainer.)

+ LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"

+- LIBS="${LIBS} -lnet"

++ LIBS="${LIBS} -lnet-1.0"

+ fi

+

+ LNET=""

+- AC_CHECK_HEADERS(libnet.h,, LNET="no")

++ AC_CHECK_HEADERS(libnet-1.0.h,, LNET="no")

+ if test "x$LNET" = "xno"; then

+ echo

+ echo " ERROR! Libnet header not found, go get it from"

+@@ -1228,33 +1228,33 @@

+ libnet_dir="/usr/include /usr/local/include /sw/include"

+ fi

+ else

+- libnet_dir=`libnet-config --cflags | cut -dI -f2`

++ libnet_dir=`libnet-1.0-config --cflags | cut -dI -f2`

+ fi

+

+ LIBNET_INC_DIR=""

+ for i in $libnet_dir; do

+- if test -r "$i/libnet.h"; then

++ if test -r "$i/libnet-1.0.h"; then

+ LIBNET_INC_DIR="$i"

+ fi

+ done

+

+ if test "x$LIBNET_INC_DIR" != "x"; then

+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0.2a >/dev/null"; then

++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0.2a >/dev/null"; then

+ AC_MSG_RESULT(no)

+ echo

+ echo " ERROR! Snort with --enable-flexresp will *only* work with"

+ echo " libnet version 1.0.2a, go get it from"

+ echo " http://www.packetfactory.net/projects/libnet/"

+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $LIBNET_INC_DIR)

++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $LIBNET_INC_DIR)

+ fi

+ AC_MSG_RESULT(yes)

+ else

+ AC_MSG_RESULT(no)

+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $libnet_dir)

++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $libnet_dir)

+ fi

+

+ LNET=""

+- AC_CHECK_LIB(net, libnet_build_ip,, LNET="no")

++ AC_CHECK_LIB(net-1.0, libnet_build_ip,, LNET="no")

+ if test "x$LNET" = "xno"; then

+ echo

+ echo " ERROR! Libnet library not found, go get it from"

+@@ -1305,8 +1305,8 @@

+ [ --enable-react Intercept and terminate offending HTTP accesses],

+ enable_react="$enableval", enable_react="no")

+ if test "x$enable_react" = "xyes"; then

+- CPPFLAGS="${CPPFLAGS} -DENABLE_REACT `libnet-config --defines --cflags`"

+- LDFLAGS="${LDFLAGS} `libnet-config --libs`"

++ CPPFLAGS="${CPPFLAGS} -DENABLE_REACT `libnet-1.0-config --defines --cflags`"

++ LDFLAGS="${LDFLAGS} `libnet-1.0-config --libs`"

+ fi

+

+ if test "x$enable_react" != "xno" -a "x$enable_react" = "xyes"; then

+@@ -1317,13 +1317,13 @@

+ exit

+ fi

+

+- if test `libnet-config --cflags | wc -c` = "1"; then

++ if test `libnet-1.0-config --cflags | wc -c` = "1"; then

+ CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include"

+ LIBNET_CONFIG_BROKEN_CFLAGS="yes"

+ fi

+

+- if test `libnet-config --libs | wc -c` = "1"; then

+- AC_MSG_WARN(libnet-config --libs is broken on your system. If you)

++ if test `libnet-1.0-config --libs | wc -c` = "1"; then

++ AC_MSG_WARN(libnet-1.0-config --libs is broken on your system. If you)

+ AC_MSG_WARN(are using a precompiled package please notify the)

+ AC_MSG_WARN(maintainer.)

+ LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"

+@@ -1331,7 +1331,7 @@

+ fi

+

+ LNET=""

+- AC_CHECK_HEADERS(libnet.h,, LNET="no")

++ AC_CHECK_HEADERS(libnet-1.0.h,, LNET="no")

+ if test "x$LNET" = "xno"; then

+ echo

+ echo " ERROR! Libnet header not found, go get it from"

+@@ -1349,33 +1349,33 @@

+ libnet_dir="/usr/include /usr/local/include /sw/include"

+ fi

+ else

+- libnet_dir=`libnet-config --cflags | cut -dI -f2`

++ libnet_dir=`libnet-1.0-config --cflags | cut -dI -f2`

+ fi

+

+ LIBNET_INC_DIR=""

+ for i in $libnet_dir; do

+- if test -r "$i/libnet.h"; then

++ if test -r "$i/libnet-1.0.h"; then

+ LIBNET_INC_DIR="$i"

+ fi

+ done

+

+ if test "x$LIBNET_INC_DIR" != "x"; then

+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0.2a >/dev/null"; then

++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0.2a >/dev/null"; then

+ AC_MSG_RESULT(no)

+ echo

+ echo " ERROR! Snort with --enable-react will *only* work with"

+ echo " libnet version 1.0.2a, go get it from"

+ echo " http://www.packetfactory.net/projects/libnet/"

+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $LIBNET_INC_DIR)

++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $LIBNET_INC_DIR)

+ fi

+ AC_MSG_RESULT(yes)

+ else

+ AC_MSG_RESULT(no)

+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $libnet_dir)

++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $libnet_dir)

+ fi

+

+ LNET=""

+- AC_CHECK_LIB(net, libnet_build_ip,, LNET="no")

++ AC_CHECK_LIB(net-1.0, libnet_build_ip,, LNET="no")

+ if test "x$LNET" = "xno"; then

+ echo

+ echo " ERROR! Libnet library not found, go get it from"

+diff -ru snort-2.8.3.1/src/detection-plugins/sp_react.c snort-2.8.3.1_gentoo/src/detection-plugins/sp_react.c

+--- snort-2.8.3.1/src/detection-plugins/sp_react.c 2008-07-11 16:56:00.000000000 -0400

++++ snort-2.8.3.1_gentoo/src/detection-plugins/sp_react.c 2008-11-03 16:39:16.000000000 -0500

+@@ -59,7 +59,7 @@

+ #include <stdlib.h>

+ #include <string.h>

+ #include <ctype.h>

+-#include <libnet.h>

++#include <libnet-1.0.h>

+

+ #include "rules.h"

+ #include "decode.h"

+diff -ru snort-2.8.3.1/src/detection-plugins/sp_respond.c snort-2.8.3.1_gentoo/src/detection-plugins/sp_respond.c

+--- snort-2.8.3.1/src/detection-plugins/sp_respond.c 2008-07-11 16:56:00.000000000 -0400

++++ snort-2.8.3.1_gentoo/src/detection-plugins/sp_respond.c 2008-11-03 16:38:50.000000000 -0500

+@@ -36,7 +36,7 @@

+

+

+ #if defined(ENABLE_RESPONSE) && !defined(ENABLE_RESPONSE2)

+-#include <libnet.h>

++#include <libnet-1.0.h>

+

+ #include "decode.h"

+ #include "rules.h"

+diff -ru snort-2.8.3.1/src/inline.c snort-2.8.3.1_gentoo/src/inline.c

+--- snort-2.8.3.1/src/inline.c 2008-02-25 16:34:56.000000000 -0500

++++ snort-2.8.3.1_gentoo/src/inline.c 2008-11-03 16:39:44.000000000 -0500

+@@ -20,7 +20,7 @@

+ #include <stdlib.h>

+ #include <string.h>

+ #include <pcap.h>

+-#include <libnet.h>

++#include <libnet-1.0.h>

+

+ #include "decode.h"

+ #include "inline.h"

+# Copyright 1999-2008 Gentoo Foundation

+# Distributed under the terms of the GNU General Public License v2

+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.8.3.1.ebuild,v 1.1 2008/11/23 15:29:38 vanquirius Exp $

+

+WANT_AUTOCONF="latest"

+WANT_AUTOMAKE="latest"

+AT_M4DIR=m4

+

+inherit eutils autotools

+

+DESCRIPTION="The de facto standard for intrusion detection/prevention"

+HOMEPAGE="http://www.snort.org/"

+SRC_URI="http://www.snort.org/dl/${P}.tar.gz

+ community-rules? ( http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz )"

+LICENSE="GPL-2"

+SLOT="0"

+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86"

+IUSE="static debug pthreads prelude stream4udp memory-cleanup decoder-preprocessor-rules ipv6 targetbased dynamicplugin timestats ruleperf ppm perfprofiling linux-smp-stats inline inline-init-failopen flexresp flexresp2 react aruba gre mpls pic postgres mysql odbc selinux community-rules"

+

+#flexresp, react, and inline _ONLY_ work with net-libs/libnet-1.0.2a

+DEPEND="virtual/libc

+ virtual/libpcap

+ >=sys-devel/libtool-1.4

+ >=dev-libs/libpcre-6.0

+ flexresp2? ( dev-libs/libdnet )

+ flexresp? ( ~net-libs/libnet-1.0.2a )

+ react? ( ~net-libs/libnet-1.0.2a )

+ postgres? ( || ( dev-db/postgresql dev-db/libpq ) )

+ mysql? ( virtual/mysql )

+ odbc? ( dev-db/unixODBC )

+ prelude? ( >=dev-libs/libprelude-0.9.0 )

+ inline? ( ~net-libs/libnet-1.0.2a

+ net-firewall/iptables )"

+

+RDEPEND="${DEPEND}

+ dev-lang/perl

+ selinux? ( sec-policy/selinux-snort )"

+

+pkg_setup() {

+ enewgroup snort

+ enewuser snort -1 -1 /dev/null snort

+

+ if use flexresp && use flexresp2 ; then

+ ewarn

+ ewarn

+ ewarn "You have both the 'flexresp' and 'flexresp2' USE"

+ ewarn "flags set. You can use 'flexresp' OR 'flexresp2'"

+ ewarn "but not both."

+ ewarn

+ ewarn "Defaulting to flexresp2..."

+ ewarn

+ ewarn

+ epause

+ fi

+

+ if use memory-cleanup && ! use dynamicplugin; then

+ ewarn

+ ewarn

+ ewarn "You have enabled 'memory-cleanup' but not 'dynamicplugin'."

+ ewarn "'memory-cleanup' requires 'dynamicplugin' to compile."

+ ewarn

+ ewarn "Enabling dynamicplugin..."

+ ewarn

+ ewarn

+ epause

+ fi

+

+ if use ruleperf && ! use dynamicplugin; then

+ ewarn

+ ewarn

+ ewarn "You have enabled 'ruleperf' but not 'dynamicplugin'."

+ ewarn "'ruleperf' requires 'dynamicplugin' to compile."

+ ewarn

+ ewarn "Enabling dynamicplugin..."

+ ewarn

+ ewarn

+ epause

+ fi

+

+ if use inline-init-failopen && ! use inline; then

+ ewarn

+ ewarn

+ ewarn "You have enabled 'inline-init-failopen' but not 'inline'."

+ ewarn "'inline-init-failopen' is an 'inline' only function."

+ ewarn

+ ewarn "Enabling inline mode..."

+ ewarn

+ ewarn

+ epause

+ fi

+

+}

+

+

+src_unpack() {

+ unpack ${A}

+ cd "${S}"

+

+ #Dont monkey with the original source if you don't need to.

+ if use flexresp || use react || use inline; then

+ epatch "${FILESDIR}/${PN}-2.8.3.1-libnet.patch"

+ fi

+

+ if use prelude ; then

+ sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in

+ fi

+

+ einfo "Regenerating autoconf/automake files"

+ eautoreconf

+}

+

+src_compile() {

+

+ local myconf

+

+ #Both shared and static are enable by defaut so we need to be specific

+ if use static; then

+ myconf="${myconf} --enable-static --disable-shared"

+ else

+ myconf="${myconf} --disable-static --enable-shared"

+ fi

+

+ #Added in ebuild version snort-2.8.3.1. Should be rechecked in updated versions.

+ #Use 'die' because ./configure will die any ways with the same error message...

+ if use ipv6 && use targetbased; then

+ die "Support for target-based and IPv6 cannot be enabled simultaneously in this version."

+ fi

+

+ #Sourcefire is often not clear about what is and is not enabled by default

+ #To avoid undesired results we should be very specific

+ if use flexresp && ! use flexresp2; then

+ myconf="${myconf} --enable-flexresp --disable-flexresp2"

+ elif use flexresp2 && ! use flexresp; then

+ myconf="${myconf} --disable-flexresp --enable-flexresp2"

+ elif use flexresp && use flexresp2; then

+ myconf="${myconf} --disable-flexresp --enable-flexresp2"

+ fi

+

+ # USE flages memory-cleanup and ruleperf require dynamicplugin

+ #Only 'dynamicplugin' is set here. 'ruleperf' and 'memory-cleanup' are set below via econf.

+ if use memory-cleanup || use ruleperf || use dynamicplugin; then

+ myconf="${myconf} --enable-dynamicplugin"

+ else

+ myconf="${myconf} --disable-dynamicplugin"

+ fi

+

+ # USE flages 'targetbased' and 'inline-init-failopen' require pthreads

+ #Only 'pthreads' is set here. 'targetbased' and 'inline-init-failopen' are set below via econf.

+ if use targetbased || use inline-init-failopen || use pthreads; then

+ myconf="${myconf} --enable-pthread"

+ else

+ myconf="${myconf} --disable-pthread"

+ fi

+

+ #Only needed if...

+ if use flexresp || use react || use inline; then

+ myconf="${myconf} --with-libipq-includes=/usr/include/libipq"

+ fi

+

+ #'inline-init-failopen' requires 'inline'

+ if use inline-init-failopen || use inline; then

+ myconf="${myconf} --enable-inline"

+ else

+ myconf="${myconf} --disable-inline"

+ fi

+

+

+#The --enable-<feature> options... 'static' 'dynamicplugin' 'pthreads' 'flexresp' 'flexresp2' 'inline'

+# are configured above due to dependancy/conflict issues.

+#All others are handled the standard ebuild way via econf

+

+ econf \

+ --without-oracle \

+ $(use_with postgres postgresql) \

+ $(use_with mysql) \

+ $(use_with odbc) \

+ $(use_with pic) \

+ --disable-ipfw \

+ --disable-profile \

+ --disable-ppm-test \

+ $(use_enable debug) \

+ $(use_enable prelude) \

+ $(use_enable stream4udp) \

+ $(use_enable memory-cleanup) \

+ $(use_enable decoder-preprocessor-rules) \

+ $(use_enable ipv6) \

+ $(use_enable targetbased) \

+ $(use_enable timestats) \

+ $(use_enable ruleperf) \

+ $(use_enable ppm) \

+ $(use_enable perfprofiling) \

+ $(use_enable linux-smp-stats) \

+ $(use_enable inline-init-failopen) \

+ $(use_enable react) \

+ $(use_enable aruba) \

+ $(use_enable gre) \

+ $(use_enable mpls) \

+ ${myconf} || die "econf failed"

+

+ # limit to single as reported by jforman on irc

+ emake -j1 || die "emake failed"

+}

+

+src_install() {

+ emake DESTDIR="${D}" install || die "make install failed"

+

+ keepdir /var/log/snort/

+

+ dodoc doc/*

+ dodoc ./RELEASE.NOTES

+ docinto schemas ; dodoc schemas/*

+

+ insinto /etc/snort

+ doins etc/reference.config \

+ etc/classification.config \

+ etc/*.map \

+ etc/threshold.conf \

+ etc/attribute_table.dtd \

+ etc/unicode.map

+

+ # Make some changes to snort.conf depending on the users feature selection

+ if use memory-cleanup || use ruleperf || use dynamicplugin; then

+ sed -e "s:/usr/local/lib:/usr/$(get_libdir):g" \

+ etc/snort.conf > "${D}"/etc/snort/snort.conf.distrib

+ else

+ sed -e "s:^dynamic:# dynamic:g" \

+ etc/snort.conf > "${D}"/etc/snort/snort.conf.distrib

+ fi

+

+ sed -i -e "s:RULE_PATH ../rules:RULE_PATH /etc/snort/rules:g" \

+ "${D}"/etc/snort/snort.conf.distrib

+

+ sed -i -e "s:PREPROC_RULE_PATH ../preproc_rules:PREPROC_RULE_PATH /etc/snort/preproc_rules:g" \

+ "${D}"/etc/snort/snort.conf.distrib

+

+ sed -i -e "s:^include $RULE_PATH:#include $RULE_PATH:g" \

+ "${D}"/etc/snort/snort.conf.distrib

+

+ newinitd "${FILESDIR}/snort.rc8" snort

+ newconfd "${FILESDIR}/snort.confd" snort

+

+ fowners snort:snort /var/log/snort

+ fperms 0770 /var/log/snort

+

+ # Install Community rules if enabled

+ if use community-rules; then

+ insinto /etc/snort/rules

+ doins -r "${WORKDIR}"/rules/*

+ fi

+

+ # Install preproc_rules if enabled

+ if use decoder-preprocessor-rules; then

+ insinto /etc/snort/preproc_rules

+ doins -r "${WORKDIR}"/${P}/preproc_rules/*.rules

+ fi

+}

+

+pkg_postinst() {

+ elog

+ elog "If you find that snort is using too much memory, your system"

+ elog "freezes, or snort crashes after a few minutes try adding the"

+ elog "following to your snort.conf..."

+ elog

+ elog "'config detection: search-method ac-sparsebands'"

+ elog

+ elog "To use a database backend with snort you will have to create"

+ elog "a database, a database user, and import the snort schema."

+ elog "The schema files are located in..."

+ elog

+ elog "/usr/share/doc/${PF}/schemas/"

+ elog

+ elog "Instructions for seting up your database, user, and schema imports"

+ elog "can be found in the README.database file located in..."

+ elog

+ elog "/usr/share/doc/${PF}"

+ elog

+ elog "Users using the unified output plugin and barnyard do not need to"

+ elog "compile database support into snort, but still need to set up their"

+ elog "database as documented in README.database."

+ elog

+ if use community-rules; then

+ elog

+ elog "The COMMUNITY ruleset has been installed."

+ elog

+ else

+ elog

+ elog "The COMMUNITY ruleset has NOT been installed."

+ elog

+ fi

+ elog "To learn how to manage updates to your rulesets please visit..."

+ elog

+ elog "http://oinkmaster.sourceforge.net/"

+ elog

+ elog "and then 'emerge oinkmaster'. Once oinkmaster is configured,"

+ elog "you may want to disable the 'community-rules' USE flag."

+ elog

+ elog "It is HIGHLY recomended that you also download Sourcefire's VRT"

+ elog "ruleset also. For more information on obtaining the VRT ruleset,"

+ elog "please visit... http://www.snort.org/vrt/"

+ elog

+}