[Snort-users] answer for barnyard errors

Jeff Nathan jeff at ...950...
Thu Jul 17 17:43:29 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Scott,

I'm terribly sorry it took so long for someone to get back to you on this. 
Andrew's a busy guy right now and I think I have the answer for you.

Do not edit the configure file.

(this refers to 0.1.0 only!!)

Edit the configure.in file.

On line 285 you will see:

AC_CHECK_LIB(mysqlclient, mysql_connect, FOUND=yes, FOUND=no)

change it so it reads:

AC_CHECK_LIB(mysqlclient, mysql_real_connect, FOUND=yes, FOUND=no)

Then, save configure.in

Once you have made this change you will need to re-generate the configure 
script using tools that are part of GNU autoconf and GNU automake.  Run the 
following commands in the order they are shown:

# aclocal
# autoheader
# automake
# autoconf

Once you have done this, try running configure again using --enable-mysql.

Good luck!

- -Jeff

- --On Thursday, July 17, 2003 16:41 -0400 Scott Renna <srenna at ...9588...> 
wrote:

> I actually reconfigured barnyard with the --enable-mysql switch.
> It wasn't working initially, then someone else on the list recommended I
> locate the lines in the configure file and change them from
> mysql_connect to my_connect.
> After that, I was able to run configure and install it.
>
> Is that the right way to go about this or no?
>
> Should I give it another go?
>
>
>
> ***************************
> Scott Renna
> Head Systems Administrator
> Dynamic Animation Systems
> 703-503-0500
>
> ***************************
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Bamm
> Visscher
> Sent: Thursday, July 17, 2003 4:25 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] barnyard errors
>
>
> Shot in the dark here, but are you sure mysql was enabled during the
> configure and subsequent make? If not, support for the op_acid plugin
> may not be there.
>
> Bammkkkk
>
> On Thu, Jul 17, 2003 at 03:51:53PM -0400, Scott Renna wrote:
>> config hostname: xxxxxx
>> config interface: dc0
>> config filter: not port 22
>>
>> processor dp_alert
>> processor dp_log
>> processor dp_stream_stat
>>
>> output alert_fast
>> output log_dump
>>
>> output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root, password xxxxxx
>> output log_acid_db: mysql, database snort, server localhost, user root, password xxxxx, detail full
>>
>>
>> I will change the user for database logging from root once it's all
>> good and tidy. Am I supposed to have file names following the
>> alert_fast and log_dump items?  Initially I had
>> /var/log/snort/fast.alert and /var/log/snort/log.dump
>>
>> Scott
>>
>>
>> ***************************
>> Scott Renna
>> Head Systems Administrator
>> Dynamic Animation Systems
>> 703-503-0500
>>
>> ***************************
>>
>> -----Original Message-----
>> From: snort-users-admin at lists.sourceforge.net
>> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Bamm
>> Visscher
>> Sent: Thursday, July 17, 2003 3:26 PM
>> To: snort-users at lists.sourceforge.net
>> Subject: Re: [Snort-users] barnyard errors
>>
>>
>> Can you please include the uncommented portions of your barnyard.conf.
>>
>> Bammkkkk
>>
>> On Thu, Jul 17, 2003 at 03:07:49PM -0400, Scott Renna wrote:
>> > Ok,
>> >
>> > So I took a look at the config file and made some changes, but I'm
>> > still running into weird errors when starting barnyard:
>> >
>> > -*> Barnyard! <*-
>> > Version 0.1.0 (Build 17)
>> > By Andrew R. Baker (andrewb at ...950...)
>> > and Martin Roesch (roesch at ...1935..., www.snort.org)
>> >
>> > Loading Data Processors...
>> > dp_alert loaded
>> > dp_log loaded
>> > dp_stream_stat loaded
>> > Loading Built-in Output Plugins...
>> > Fast Alert plugin initialized
>> > AlertSyslog initialized
>> > Log Dump plugin initialized
>> > LogPcap initialized
>> > AlertCSV initialized
>> > Parsing Config file: /usr/local/etc/barnyard.conf
>> > WARNING /usr/local/etc/barnyard.conf(135) => Unknown output plugin "alert_acid_db" referenced, ignoring!
>> > WARNING /usr/local/etc/barnyard.conf(136) => Unknown output plugin "log_acid_db" referenced, ignoring!
>> > Archive Directory is NULL
>> > Config File =/usr/local/etc/barnyard.conf
>> > Log Dir=/var/log/snort/barnyard/
>> > Spool Dir=/var/log/snort
>> > Spool File=snort.alert
>> > Waldo File=/var/log/snort/waldo.log
>> > Sid File=/usr/local/etc/snort/sid-msg.map
>> > Gen File=/usr/local/etc/snort/gen-msg.map
>> > Hostname=bsdtest
>> > Interface=dc0
>> > Filter=not port 22
>> > Record Number: 0
>> > Log Flag: 1
>> > Verbosity Level=0
>> > File Arg Start: 0
>> > Dry Run mode enabled
>> > commandline: barnyard -c /usr/local/etc/barnyard.conf -f
>> > /var/log/snort.log -g /usr/local/etc/snort/gen-msg.map -s
>> > /usr/local/etc/snort/sid-msg.map -L /var/log/snort/barnyard/ -w
>> > /var/log/snort/waldo.log -R
>> >
>> >
>> >
>> > Here's the weird part, it says the spool file is snort.alert,
>> > however, my command line specifies that the spool file should be
>> > /var/log/snort.log
>> >
>> > Is there a good site or forum for troubleshooting Barnyard?  Anyone
>> > got some ideas?
>> >
>> > Scott
>> > ***************************
>> > Scott Renna
>> > Head Systems Administrator
>> > Dynamic Animation Systems
>> > 703-503-0500
>> >
>> > ***************************
>> >
>>
>>
>> -------------------------------------------------------
>> This SF.net email is sponsored by: VM Ware
>> With VMware you can run multiple operating systems on a single
>> machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual
>> machines at the same time. Free trial click here:
>> http://www.vmware.com/wl/offer/345/0
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>



- --
http://cerberus.sourcefire.com/~jeff       (gpg key available)
Great spirits have always encountered violent opposition from mediocre
minds.
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)

iD8DBQE/F0J7Eqr8+Gkj0/0RAoVmAJ9DDzTkzd+MWSVwKtsucaScVlLoDACfVbSe
MbZofTtrITSw6tzSlGxYivo=
=7rEt
-----END PGP SIGNATURE-----
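
The configure.in change and regeneration steps from the reply above, as an added shell example that is not part of the original message or of the barnyard distribution. The function names `patch_mysql_probe` and `regenerate_configure` are hypothetical; only the two `AC_CHECK_LIB` lines and the tool order come from the message.

```shell
#!/bin/sh
# Added example: apply the configure.in edit from the message, then regenerate.
# Function names are hypothetical; run from the barnyard 0.1.0 source directory.

# Point the mysqlclient probe at mysql_real_connect instead of mysql_connect.
# Returns 0 if the corrected probe is present afterwards (idempotent),
#         1 if the file has no mysqlclient probe at all,
#         2 if the file is missing or cannot be backed up.
patch_mysql_probe() {
    file=$1
    [ -f "$file" ] || return 2
    if ! grep -q 'AC_CHECK_LIB(mysqlclient, *mysql_connect,' "$file"; then
        # Nothing to rewrite: either already fixed or no probe in this file.
        grep -q 'AC_CHECK_LIB(mysqlclient, *mysql_real_connect,' "$file" && return 0
        return 1
    fi
    # Keep the untouched original next to the edited file.
    cp "$file" "$file.orig" || return 2
    sed 's/\(AC_CHECK_LIB(mysqlclient, *\)mysql_connect,/\1mysql_real_connect,/' \
        "$file.orig" > "$file"
    grep -q 'AC_CHECK_LIB(mysqlclient, *mysql_real_connect,' "$file"
}

# Run the autotools in the order given in the message, stopping at the
# first tool that is missing or fails so a stale configure is not reused.
regenerate_configure() {
    for tool in aclocal autoheader automake autoconf; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; return 1; }
        "$tool" || { echo "$tool failed" >&2; return 1; }
    done
}

# Usage: sh fix-probe.sh configure.in   (then: ./configure --enable-mysql)
if [ -n "${1:-}" ]; then
    patch_mysql_probe "$1" && regenerate_configure
fi
```

The edit goes into configure.in and leaves a `.orig` copy beside it; the generated configure script is never edited by hand, matching the advice in the reply.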




