This file lists platform specific hints on how to install weasel on different

* Ubuntu Server 6.10
* Debian Etcg 
* MacOS X 10.4
* Solaris 10

The information here is not yet complete, if you have some hints
to share, please mail them to, or use
the web board.

Ubuntu Server 6.10

Thanks to Marc Lifart


If you install a fresh copy of Ubuntu Server, then select the LAMP option during
installation. Otherwise you can still add the webserver later:

$ apt-get install apache2
$ apt-get install php5-mysqli
$ apt-get install php5-pgsql


If you want to use PostgreSQL:
$ apt-get install postgresql-8.1
$ apt-get libpq-dev

If you want to use MySQL:
$ apt-get install pcregrep
$ apt-get install libpcre3-dev
$ apt-get install libmysqlclient15-dev
$ apt-get install mysql-client-5.0
$ apt-get install mysql-server-5.0


In order to be able to compile snort, you will need several software packages:
$ apt-get install patch
$ apt-get install gcc
$ apt-get install build-essential
$ apt-get install libpcap0.8-dev
$ apt-get install libpcre3-dev

You should now be ready to install weasel, just follow the INSTALL instructions.

Debian Etch

Thanks to Roman Ammann

If you want PostgreSQL:
$ apt-get install postgres
If you want MySQL
$ apt-get install mysql-server
Console (Webserver):

$ echo 'deb i386/' >> /etc/apt/sources.list
$ apt-get update
$ apt-get install weasel
If you want to use the system exclusivly as weasel console run

$ a2ensite weasel
$ a2dissite default
$ /etc/init.d/apache2 restart
otherwise configure /etc/apache2/sites-available/weasel first

If you want to use sensor on other systems edit /etc/mysql/my.conf and change the line 
bind =
bind =
Make sure you're using good passwords for the weasel user and the root database user.
Sensor (Snort):

$ echo 'deb i386/' >> /etc/apt/sources.list
$ apt-get update
$ apt-get install snort-weasel

Configure the database in /etc/snort/snort.conf. Download the rulesets from and extract them to /etc/snort.

Try to run snort for testing purposes directly

$ snort -c /etc/snort/snort.conf -i eth0 -u snort -g snort

Mac OS X 10.4


OS X comes already with a webserver. Enable "Personal Web Sharing" in the
"Sharing" Section of the System Preferences. You still need to install php5
though, luckily Marc Liyanage has made available a fine package, available here:

Your Document Root is /Library/WebServer/Documents, and each user has 
a personal website under ~/Sites, accessible via http://localhost/~USERNAME


If you want PostgreSQL:
Install Marc Liyanages Postgres Package:

If you want MySQL:
Download the normal mysql binary distribution from


OS X comes already with all the libraries needed to build snort.
Just follow the normal build instructions found in INSTALL.
MySQL is installed in /usr/local/mysql and Postgres is installed in
/usr/local/pgsql. You will need to supply these paths on the ./configure line:

./configure --with-mysql=/usr/local/mysql --with-postgresql=/usr/local/pgsql

Solaris 10 / SPARC

Thanks to Stefan Burschka

To build the sensor, you will need these packages from

* make
* patch
* gcc
* mysql
* libpcap
* pcre
* tar
* (gdb)

Follow the build instruction, but use the GNU version of the patch and tar utilities
that have been installed in /usr/local/bin, i.e. use:

# /usr/local/bin/patch -p1

instead of just

# patch -p1

The interfaces on solaris have chipset spefific names ! (eri0, hme0, etc...)
Be sure to check what you have with ifconfig -a