[Snort-users] Snort and MySQL

Joao Daniel Neves joaodanielnevesss at ...125...
Tue Sep 25 10:10:44 EDT 2012


Just for documentation:

I resolved the problem:

    BARNYARD2-1.9 was not finding the MySQL libraries because it was compiled for 64-bit architecture. The OS had been using 32-bit MySQL libraries.

    I uninstalled those 32-bit MySQL libraries and installed the 64-bit version.

Of course, when I compiled BARNYARD2-1.9, I needed to 'say' where to look for the newly installed libraries.

> From: jesler at ...1935...
> Date: Fri, 21 Sep 2012 14:57:52 -0400
> To: jthoel at ...11827...
> CC: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort and MySQL
> 
> http://blog.snort.org/2011/06/snorts-output-methods.html
> 
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
> 
> On Sep 21, 2012, at 2:47 PM, Jeremy Hoel <jthoel at ...11827...> wrote:
> 
> > The reason behind it was, as I can best summarize, that snort is an
> > IDS/IPS and its job is to generate alerts as quickly as possible.  So
> > snort outputs to unified and syslog and that's about it.  Then you use
> > other tools to take the unified files and send them somewhere.  This
> > allows snort to work faster and focus on its one task vs worrying
> > about DB connections, etc.
> > 
> > 
> > 
> > On Fri, Sep 21, 2012 at 4:43 PM, PR <oly562 at ...11827...> wrote:
> >> whose bright idea was that by the way? reasons??? due to daq? just
> >> curious. thanks, it helps me understand things more
> >> 
> >> On Fri, 2012-09-21 at 08:12 -0400, Jack wrote:
> >>> Snort cannot output directly to mysql anymore. It is required to use
> >>> Barnyard2 in order to use mysql databases with snort now.
> >>> 
> >>> On Fri, Sep 21, 2012 at 7:20 AM, Joao Daniel Neves
> >>> <joaodanielnevesss at ...125...> wrote:
> >>>> 
> >>>> Hi,
> >>>> 
> >>>> I installed MySQL via RPM on CentOS 5.5.
> >>>> 
> >>>> [root at ...780... ]# rpm -qa | grep mysql
> >>>> mysql-5.0.77-4.el5_6.6
> >>>> 
> >>>> It is an x86 package. My OS is x86_64.
> >>>> 
> >>>> I have compiled snort's dependencies for my system since there
> >>>> aren't official RPM packages. I ran ldconfig.
> >>>> 
> >>>> Then I finally tried to install snort.
> >>>> 
> >>>> ./configure --with-mysql
> >>>> (a lot of output cut)
> >>>> configure: WARNING: unrecognized options: --with-mysql
> >>>> 
> >>>> My question: How to compile Snort to use MySQL?
> >>>> 
> >>>> 
> >>>> ------------------------------------------------------------------------------
> >>>> Got visibility?
> >>>> Most devs has no idea what their production app looks like.
> >>>> Find out how fast your code is with AppDynamics Lite.
> >>>> http://ad.doubleclick.net/clk;262219671;13503038;y?
> >>>> http://info.appdynamics.com/FreeJavaPerformanceDownload.html
> >>>> _______________________________________________
> >>>> Snort-users mailing list
> >>>> Snort-users at lists.sourceforge.net
> >>>> Go to this URL to change user options or unsubscribe:
> >>>> https://lists.sourceforge.net/lists/listinfo/snort-users
> >>>> Snort-users list archive:
> >>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >>>> 
> >>>> Please visit http://blog.snort.org to stay current on all the latest Snort
> >>>> news!
> >>> 
> >>> 
> >>> 
> >> 
> >> 
> > 
> 
> 
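The fix described at the top of this message (matching the MySQL client library's word size to the build and pointing the Barnyard2 build at it) can be checked before compiling. The script below is an added example, not part of the original thread: it reads the ELF class byte of each libmysqlclient it finds and prints a configure line using Barnyard2's --with-mysql and --with-mysql-libraries options. The directory list and the function names are assumptions.

```shell
#!/bin/sh
# Added example: find a libmysqlclient whose ELF class matches the build target
# before running barnyard2's configure. Directory list below is an assumption.

# elf_class FILE: print 32, 64 or "unknown" from the ELF header.
# Bytes 1-4 are the magic 0x7f 'E' 'L' 'F'; byte 5 (EI_CLASS) is 1=32-bit, 2=64-bit.
elf_class() {
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *)          echo unknown ;;
    esac
}

# find_mysql_libdir BITS DIR...: print the first DIR holding a matching client library.
find_mysql_libdir() {
    want=$1; shift
    for dir in "$@"; do
        for lib in "$dir"/libmysqlclient.so*; do
            [ -f "$lib" ] || continue          # unmatched glob or dangling symlink
            if [ "$(elf_class "$lib")" = "$want" ]; then
                echo "$dir"
                return 0
            fi
        done
    done
    return 1
}

# suggest_configure BITS DIR...: print the configure line, or fail with a reason.
suggest_configure() {
    bits=$1; shift
    if libdir=$(find_mysql_libdir "$bits" "$@"); then
        echo "./configure --with-mysql --with-mysql-libraries=$libdir"
    else
        echo "no ${bits}-bit libmysqlclient in: $*" >&2
        return 1
    fi
}

# Word size of the userland we are compiling for (falls back to 64 if getconf is absent).
BITS=$(getconf LONG_BIT 2>/dev/null || echo 64)
suggest_configure "$BITS" /usr/lib64/mysql /usr/lib/mysql /usr/lib64 /usr/lib ||
    echo "install the MySQL client library package for this architecture first" >&2
```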