[Snort-users] OT: Help with Barnyard

Ralf Spenneberg mct at ...8096...
Thu Apr 10 08:29:06 EDT 2003


Am Don, 2003-04-10 um 16.46 schrieb Gordon Cunningham:
> I appreciate your help, Ralf.  When I try to install the RPM, I get the
> following:
> 
> error: failed dependencies:
>         libc.so.6(GLIBC_2.3)   is needed by barnyard-0.1.0-1
Oh. Ok. The RPM was compiled on Redhat 8.0. Either get
http://www.spenneberg.com/redirect.php?url=public/SRPMS/barnyard-0.1.0-1.src.rpm and do
rpmbuild --rebuild barnyard-0.1.0-1.src.rpm
or (or if it fails) 
contact me again and I will build a barnyard RPM for RedHat 7.3


Cheers,

Ralf
> 
> I have glibc 2.2.5-43 and libc.so.6 is present on this RH 7.3 machine -
> there is no glibc 2.3 available for RH 7.3 unless I recompile from source.
> Is that going to be necessary?  If so, I'll have to also upgrade my gcc
> compiler and I'm not sure what else will break...  it's got to be easier
> than this.
> 
> Using MySQL version 11.18 dist 3.23.54...
> 
> I've tried different sites for the barnyard source.  When I try to "make"
> barnyard 0.1.0 after a "configure -enable-mysql", this is the result:
> 
> make  all-recursive
> make[1]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0'
> Making all in src
> make[2]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
> Making all in output-plugins
> make[3]: Entering directory
> `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/output-plugins'
> make[3]: Nothing to be done for `all'.
> make[3]: Leaving directory
> `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/output-plugins'
> Making all in input-plugins
> make[3]: Entering directory
> `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/input-plugins'
> make[3]: Nothing to be done for `all'.
> make[3]: Leaving directory
> `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/input-plugins'
> make[3]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
> gcc  -g -O2 -Wall -L/usr/lib/mysql -o barnyard  barnyard.o configparse.o
> mstring.o strlcatu.o strlcpyu.o util.o spool.o sid.o debug.o
> classification.o output-plugins/libop.a input-plugins/libdp.a -lmysqlclient
> /usr/lib/mysql/libmysqlclient.a(my_compress.o): In function `my_uncompress':
> my_compress.o(.text+0xaa): undefined reference to `uncompress'
> /usr/lib/mysql/libmysqlclient.a(my_compress.o): In function
> `my_compress_alloc':
> my_compress.o(.text+0x13c): undefined reference to `compress'
> collect2: ld returned 1 exit status
> make[3]: *** [barnyard] Error 1
> make[3]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0'
> make: *** [all-recursive-am] Error 2
> 
> 
> - Gordon
> 
>  -----Original Message-----
> From: 	Ralf Spenneberg [mailto:mct at ...8096...]
> Sent:	Thursday, April 10, 2003 12:44 AM
> To:	gcunnin2 at ...163...
> Cc:	SnortUsers
> Subject:	RE: [Snort-users] OT:  Help with Barnyard
> 
> Am Mit, 2003-04-09 um 16.38 schrieb Gordon Cunningham:
> > Ralf,
> >
> > Thanks for responding.  (Just tried recompiling and I'm now getting an
> > error - undef ref to my_compress - will look into this)
> >
> > Yes, barnyard was compiled with MySQL support and appears to connect to
> > MySQL just fine, but always has an undefined output plugin error.
> > classificaton.config is in the same subdir as the .map files.  I'm testing
> > snort 1.9.1 on RedHat 7.3 with latest patches - single NIC at the moment.
> I
> > did note the different naming of the output plugin (config file originally
> > had alert_acid_db or log_acid_db instead of op_acid_db), but neither
> works.
> > How do I configure the output plugins, or are they supposed to be
> automatic?
> The plugins are configured using the following lines:
> output alert_acid_db: mysql, sensor_id 1, database sensors, server
> localhost, user xxxx, password secret
> output log_acid_db: mysql, sensor_id 1, database sensors, server
> localhost, user xxxx, detail full, password secret
> 
> It works fine using my RPM.
> 
> > # output op_acid_db: mysql, sensor_id 1, database snort, server localhost,
> > user XXXX, password XXXX
> > output op_acid_db: mysql, sensor_id 1, database snort, server localhost,
> > user XXXX, password XXXX, detail full
> 
> Could you send the exact error messages when compiling? Maybe you want
> to start with a fresh source. Otherwise try my RPM package
> http://www.spenneberg.com/6.html?subject=%2FIDS%2F
> 
> Cheers,
> 
> Ralf
> 
> 
> 
> --
> Ralf Spenneberg
> RHCE, RHCX
> 
> IPsec/PPTP Kernels for Red Hat Linux:
> http://www.spenneberg.com/.net/.org/.de
> Honeynet Project Mirror:                http://honeynet.spenneberg.org
> Snort Mirror:                           http://snort.spenneberg.org
-- 
Ralf Spenneberg
RHCE, RHCX

IPsec/PPTP Kernels for Red Hat Linux:  
http://www.spenneberg.com/.net/.org/.de
Honeynet Project Mirror:                http://honeynet.spenneberg.org
Snort Mirror:                           http://snort.spenneberg.org




More information about the Snort-users mailing list