Installing the bro IDS on Debian Etch

Here's how I installed bro-1.2-stable on Debian etch (mostly the same as the Ubuntu instructions):

sudo apt-get install libncurses-dev, autoconf, automake, build-essential, flex, bison
./configure
make
sudo make install
sudo make install-brolite

Added following to configure.in to get around the problem of the Clam AV function cl_scanbuff disappearing from newer versions:

AC_CHECK_LIB(clamav,cl_scanbuff,,have_libclamav=No)

Got "error compiling pattern" so deleted necessary files and ran make again. Finally, started with:

sudo /usr/local/bro/etc/bro.rc start

Bro wouldn't run as a non-root user because it requires permissions on the interface.