[Snort-users] Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue

Jeremy Hoel jthoel at ...11827...
Thu Aug 30 16:25:24 EDT 2012


That's odd.  We build regular boxes all the time, and i just did a few
of the new snort builds and they didn't have any sql as part of the
build

'./configure --enable-zlib --enable-reload
--with-daq_includes=/usr/local/include
--with-daq_libraries=/usr/local/lib --enable-perfprofiling
--enable-ppm --enable-static-daq'

and then we build barnyard with the sql bit './configure --with-mysql
--with-mysql-libraries=/usr/lib64/mysql --with-tcl=/usr/lib64'

You are doing your own barnyard compile right?  I noticed you use
mssql.. i don't have any experiance with that part, but it should be
close to the same.

have you tried building barnyard again?

Looking at the barnyard source, this does seem like a barnyard error

src/output-plugins/spo_database.c:            ErrorMessage("database:
'%s' support is not compiled into this build of snort\n\n", type);


On Thu, Aug 30, 2012 at 6:00 PM, Eric Biederman
<Eric.Biederman at ...15792...> wrote:
> My start script. /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d
> /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo
>
>
>
>
>
> Running in Continuous mode
>
>
>
>         --== Initializing Barnyard2 ==--
>
> Initializing Input Plugins!
>
> Initializing Output Plugins!
>
> Parsing config file "/etc/snort/barnyard2.conf"
>
> Log directory = /var/log/barnyard2
>
> database: 'mssql' support is not compiled into this build of snort
>
>
>
> ERROR: If this build of snort was obtained as a binary distribution (e.g.,
> rpm,
>
> or Windows), then check for alternate builds that contains the necessary
>
> 'mssql' support.
>
>
>
> If this build of snort was compiled by you, then re-run the
>
> the ./configure script using the '--with-mssql' switch.
>
> For non-standard installations of a database, the '--with-mssql=DIR'
>
> syntax may need to be used to specify the base directory of the DB install.
>
>
>
> See the database documentation for cursory details (doc/README.database).
>
> and the URL to the most recent database plugin documentation.
>
> Fatal Error, Quitting..
>
>
>
>
>
>
>
> From: Jeremy Hoel [mailto:jthoel at ...11827...]
> Sent: Thursday, August 30, 2012 1:58 PM
> To: Eric Biederman
> Subject: Re: [Snort-users] Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue
>
>
>
> Can you copy and paste the exact error.. I'm willing to bet its barnyard2
> that was compiled without the MySQL libraries.
>
> On Aug 30, 2012 1:45 PM, "Eric Biederman" <Eric.Biederman at ...15792...>
> wrote:
>
> I am having a problem where when I try to start my Barnyard2 system I am
> getting notified that my version of snort was not configured with mysql
> support and to recompile with this support. My understanding is that Snort
> 2.9.3.1 no longer handles mysql and leaves it to 3rd parties to deal with.
>
> My snort install runs fine to logs and I can start Barnyard without the
> mysql call with no apparent problems but once I add the mysql output back
> into my barnyard.conf file I am unable to start it
>
>
>
> CentOS6.2
>
> Snort-2.9.3.1
>
> BarnYard2 – 2.1.9
>
>
>
> This is my first pass at implementing this configuration to replace a
> windows based snort and MSSQL system.  I missing something easy?
>
>
>
> Thank you
>
> Eric
>
>
>
>
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and delete
> this e-mail from your system. If you are not the intended recipient you are
> notified that disclosing, copying, distributing or taking any action in
> reliance on the contents of this information is strictly prohibited.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and delete
> this e-mail from your system. If you are not the intended recipient you are
> notified that disclosing, copying, distributing or taking any action in
> reliance on the contents of this information is strictly prohibited.




More information about the Snort-users mailing list