[Snort-users] error snort + MySQL - SAME PROBLEM HERE.

Edin Dizdarevic edin.dizdarevic at ...7509...
Fri May 23 10:00:02 EDT 2003


Hi,

Christopher.Downs at ...9270... wrote:
> What are the snort compile args you used? Here is what I'm compiling with
> in a chrooted $ENV:
> 
> [root at ...9273... snort-2.0.0]# ./configure
> --bindir=/var/chroot/snort/usr/bin/ --sbindir=/var/chroot/snort/usr/sbin/
> --libexecdir=/var/chroot/snort/lib/libexec/ --libdir=/var/chroot/snort/lib/
> --with-mysql
> [root at ...9273... snort-2.0.0]#
> 
> Also are you running MySQL on the localhost or another machine on the
> network ? I am currently attempting to log to a remote host.
> 
> Here is my error at start:
> 
> ---------------------- snip --------------------------
> telnet_decode arguments:
>     Ports to decode telnet on: 21 23 25 119
> database: compiled support for ( )
> database: configured to use mysql
            ^^^^^^^^^^

> database: 'mysql' support is not compiled into this build of snort
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> ERROR: If this build of snort was obtained as a binary distribution (e.g.,
> rpm,
> or Windows), then check for alternate builds that contains the necessary
> 'mysql' support.
> 
> If this build of snort was compiled by you, then re-run the
> the ./configure script using the '--with-mysql' switch.
> For non-standard installations of a database, the '--with-mysql=DIR'
> syntax may need to be used to specify the base directory of the DB install.
> 
> See the database documentation for cursory details (doc/README.database).
> and the URL to the most recent database plugin documentation.
> Fatal Error, Quitting..
> 
> [cdowns at ...9273... cdowns]$
> 
> Here is my snort run start command with args:
> 
> [cdowns at ...9273... cdowns]$ cat snort_start.sh
> cd /var/chroot/snort/usr/bin/ ; ./snort -i eth0 -u snort -g snort -C -c
> ../../etc/rules/snort.conf -l ../../var/log/snort/ &
> [cdowns at ...9273... cdowns]$
> 
> Thanks again, I would like to find out what the hell is going on hehe.

Compile Snort with mysql support, hehe. ;)

configured != support compiled in

Configured means YOU configured Snort to work that way. But Snort is
saying that no support for dealing with the DB was compiled in.

Is that the point?

OK, it sounds silly, but it should be as simple as that. I suppose you did
not have the mysql header files available at compile time.

If you're using RedHat, install the mysql and mysql-devel RPMs. On
Spenneberg's site you can get precompiled and fine working Snort RPMs.

But (!), letting Snort write to a DB by itself can cause serious
packet loss. Be warned, because that may be your next question here...

Regards,

Edin


> 
> ~!>D

-- 
Edin Dizdarevic
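
Added example, not part of the original message or of Snort: a small shell check that compares the two "database:" banner lines discussed above and reports whether the configured DB type is actually compiled in. The function name snort_db_check is hypothetical, and the form "( mysql )" for a build with support is an assumption taken from the shape of the empty "( )" banner quoted in the thread.

```shell
#!/bin/sh
# Reads Snort startup output on stdin (plain or ">"-quoted).
# Exit status: 0 = configured DB type is compiled in,
#              1 = configured but not compiled in,
#              2 = the two banner lines were not found.
snort_db_check() {
    awk '
        /database: compiled support for \(/ {
            # Keep only what sits between the parentheses.
            line = $0
            sub(/.*compiled support for \(/, "", line)
            sub(/\).*/, "", line)
            compiled = " " line " "
            seen_compiled = 1
        }
        /database: configured to use / {
            line = $0
            sub(/.*configured to use /, "", line)
            sub(/[ \t\r]+$/, "", line)
            configured = line
        }
        END {
            if (!seen_compiled || configured == "") {
                print "banner lines not found"
                exit 2
            }
            if (index(compiled, " " configured " ") > 0) {
                print "ok: " configured " support is compiled in"
                exit 0
            }
            print "mismatch: configured for " configured \
                  ", compiled support: (" compiled ")"
            exit 1
        }'
}

# Banner lines as quoted in the thread: configured for mysql, nothing compiled in.
printf '%s\n' \
    'database: compiled support for ( )' \
    'database: configured to use mysql' | snort_db_check || true
```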




