[Snort-users] OT: Help with Barnyard

Gordon Cunningham gcunnin2 at ...163...
Thu Apr 10 09:16:10 EDT 2003


Ralf,

I need to pass a --with-mysql-libraries=DIR to the configure and have been
unable to do so using the rpmbuild util.  Without it I get:

checking for mysql_connect in -lmysqlclient... no


**********************************************
  ERROR: unable to find mysqlclient library
  checked in the following places
        /usr/lib/mysql
**********************************************

How difficult would it be to make the RH7.3 RPM?  Does everyone go through
this with Barnyard, or is there something "special" with my installation?


- Gordon

 -----Original Message-----
From: 	snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]  On Behalf Of Ralf
Spenneberg
Sent:	Thursday, April 10, 2003 11:29 AM
To:	gcunnin2 at ...163...
Cc:	SnortUsers
Subject:	RE: [Snort-users] OT:  Help with Barnyard

Am Don, 2003-04-10 um 16.46 schrieb Gordon Cunningham:
> I appreciate your help, Ralf.  When I try to install the RPM, I get the
> following:
>
> error: failed dependencies:
>         libc.so.6(GLIBC_2.3)   is needed by barnyard-0.1.0-1
Oh. Ok. The RPM was compiled on Redhat 8.0. Either get
http://www.spenneberg.com/redirect.php?url=public/SRPMS/barnyard-0.1.0-1.src
.rpm and do
rpmbuild --rebuild barnyard-0.1.0-1.src.rpm
or (or if it fails)
contact me again and I will build a barnyard RPM for RedHat 7.3


Cheers,

Ralf
>
> I have glibc 2.2.5-43 and libc.so.6 is present on this RH 7.3 machine -
> there is no glibc 2.3 available for RH 7.3 unless I recompile from source.
> Is that going to be necessary?  If so, I'll have to also upgrade my gcc
> compiler and I'm not sure what else will break...  it's got to be easier
> than this.
>
> Using MySQL version 11.18 dist 3.23.54...
>
> I've tried different sites for the barnyard source.  When I try to "make"
> barnyard 0.1.0 after a "configure -enable-mysql", this is the result:
>
> make  all-recursive
> make[1]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0'
> Making all in src
> make[2]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
> Making all in output-plugins
> make[3]: Entering directory
> `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/output-plugins'
> make[3]: Nothing to be done for `all'.
> make[3]: Leaving directory
> `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/output-plugins'
> Making all in input-plugins
> make[3]: Entering directory
> `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/input-plugins'
> make[3]: Nothing to be done for `all'.
> make[3]: Leaving directory
> `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/input-plugins'
> make[3]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
> gcc  -g -O2 -Wall -L/usr/lib/mysql -o barnyard  barnyard.o configparse.o
> mstring.o strlcatu.o strlcpyu.o util.o spool.o sid.o debug.o
> classification.o output-plugins/libop.a
input-plugins/libdp.a -lmysqlclient
> /usr/lib/mysql/libmysqlclient.a(my_compress.o): In function
`my_uncompress':
> my_compress.o(.text+0xaa): undefined reference to `uncompress'
> /usr/lib/mysql/libmysqlclient.a(my_compress.o): In function
> `my_compress_alloc':
> my_compress.o(.text+0x13c): undefined reference to `compress'
> collect2: ld returned 1 exit status
> make[3]: *** [barnyard] Error 1
> make[3]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0'
> make: *** [all-recursive-am] Error 2
>
>
> - Gordon
>
>  -----Original Message-----
> From: 	Ralf Spenneberg [mailto:mct at ...8096...]
> Sent:	Thursday, April 10, 2003 12:44 AM
> To:	gcunnin2 at ...163...
> Cc:	SnortUsers
> Subject:	RE: [Snort-users] OT:  Help with Barnyard
>
> Am Mit, 2003-04-09 um 16.38 schrieb Gordon Cunningham:
> > Ralf,
> >
> > Thanks for responding.  (Just tried recompiling and I'm now getting an
> > error - undef ref to my_compress - will look into this)
> >
> > Yes, barnyard was compiled with MySQL support and appears to connect to
> > MySQL just fine, but always has an undefined output plugin error.
> > classificaton.config is in the same subdir as the .map files.  I'm
testing
> > snort 1.9.1 on RedHat 7.3 with latest patches - single NIC at the
moment.
> I
> > did note the different naming of the output plugin (config file
originally
> > had alert_acid_db or log_acid_db instead of op_acid_db), but neither
> works.
> > How do I configure the output plugins, or are they supposed to be
> automatic?
> The plugins are configured using the following lines:
> output alert_acid_db: mysql, sensor_id 1, database sensors, server
> localhost, user xxxx, password secret
> output log_acid_db: mysql, sensor_id 1, database sensors, server
> localhost, user xxxx, detail full, password secret
>
> It works fine using my RPM.
>
> > # output op_acid_db: mysql, sensor_id 1, database snort, server
localhost,
> > user XXXX, password XXXX
> > output op_acid_db: mysql, sensor_id 1, database snort, server localhost,
> > user XXXX, password XXXX, detail full
>
> Could you send the exact error messages when compiling? Maybe you want
> to start with a fresh source. Otherwise try my RPM package
> http://www.spenneberg.com/6.html?subject=%2FIDS%2F
>
> Cheers,
>
> Ralf
>
>
>
> --
> Ralf Spenneberg
> RHCE, RHCX
>
> IPsec/PPTP Kernels for Red Hat Linux:
> http://www.spenneberg.com/.net/.org/.de
> Honeynet Project Mirror:                http://honeynet.spenneberg.org
> Snort Mirror:                           http://snort.spenneberg.org
--
Ralf Spenneberg
RHCE, RHCX

IPsec/PPTP Kernels for Red Hat Linux:
http://www.spenneberg.com/.net/.org/.de
Honeynet Project Mirror:                http://honeynet.spenneberg.org
Snort Mirror:                           http://snort.spenneberg.org


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger
for complex code. Debugging C/C++ programs can leave you feeling lost and
disoriented. TotalView can help you find your way. Available on major UNIX
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list