[Snort-users] Barnyard2 startup error: Snort not compiled to use mysql but --with-mysql option invalid

Y M snort at ...15979...
Wed Apr 24 16:03:02 EDT 2013


Snort's support to directly write to a database is no longer an option since Snort 2.9.2, if I recall correctly.

Instead, you compile MySQL support with Barnyard2:

./configure --with-mysql --with-mysql-libraries=<path to the mysql libs>

In Snort, you would use unified2 as an output plugin to write unified2 logs and have Barnyard2 parse these into the database. In the docs section on Snort's website you will find step-by-step documentation on how to do that on SuSE 12.x as well as other OSs.
________________________________
From: Kurt Jensen<mailto:kjensencissp at ...11827...>
Sent: 4/24/2013 10:44 PM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] Barnyard2 startup error: Snort not compiled to use mysql but --with-mysql option invalid

hello:

We have a working install of Snort 2.9.4.5 on SuSE 12.2 that logs fine but we need to use Barnyard2 and send this data to mysql.  We did not know of any manual steps or added options being required to compile Snort for mysql use with barnyard.  When we start barnyard2 for use with Snort, mysql and Snorby we get the "snort not compiled for use with mysql" errors and barnyard2 fatals out.

We found some options online for snort compiling that also did not work or: ./configure --with-mysql

When trying that option or several versions of it, the compile runs to the end but then fails at this step and flags it as an invalid option.

Can anyone tell us what the correct command and options are please to compile Snort and Barnyard to use mysql?

Thanks!



James Lay <jlay at ...13475...> wrote:

>On 2013-04-24 09:52, John Ainsworth wrote:
>> Hi
>>
>> I'm pulling my hair out on this problem
>>
>> I have installed Snort on Ubuntu 12.04, 2 nics eth0 used for
>> management eth1 is receiving traffic that is coming into our firewall
>> via SPAN on the switch
>
>0 byte u2 files mean no alerts happened.  Have you set something like:
>
>output alert_fast: snortalert.fast
>
>in your snort.conf to verify that you're getting alerts at all?
>
>James
>
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
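
The layout described in the reply above (Snort writes unified2, Barnyard2 writes to MySQL) can be checked with a small config lint. This is an added example, not code from the thread or from the Snort or Barnyard2 projects. The function names, file names and sample config lines are constructed for illustration, and the check does not verify that Barnyard2 itself was built with --with-mysql.

```shell
#!/bin/sh
# Lint a snort.conf / barnyard2.conf pair for the unified2 -> Barnyard2 -> MySQL layout.

# Print active (uncommented) "output <plugin>:" lines. $1 = plugin, $2 = file.
active_outputs() {
    grep -E "^[[:space:]]*output[[:space:]]+$1[[:space:]]*:" "$2"
}

# Prints one finding per line; returns 0 if the layout is consistent, 1 if not.
check_pipeline() {
    snort_conf=$1; by2_conf=$2; rc=0
    if active_outputs database "$snort_conf" >/dev/null; then
        echo "FAIL: $snort_conf: 'output database' belongs in the Barnyard2 config"
        rc=1
    fi
    if ! active_outputs unified2 "$snort_conf" >/dev/null; then
        echo "FAIL: $snort_conf: no 'output unified2' line, Barnyard2 has nothing to read"
        rc=1
    fi
    if ! active_outputs database "$by2_conf" | grep -Eq ',[[:space:]]*mysql[[:space:]]*,'; then
        echo "FAIL: $by2_conf: no 'output database: <log|alert>, mysql, ...' line"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: Snort writes unified2, Barnyard2 writes to MySQL"
    return "$rc"
}

# Constructed sample configs (not from the thread); credentials are placeholders.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/snort_old.conf" <<'EOF'
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
EOF
    cat > "$dir/snort_new.conf" <<'EOF'
# output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
output unified2: filename snort.u2, limit 128
EOF
    cat > "$dir/barnyard2.conf" <<'EOF'
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
EOF
    check_pipeline "$dir/snort_old.conf" "$dir/barnyard2.conf" || true
    check_pipeline "$dir/snort_new.conf" "$dir/barnyard2.conf"
    rm -rf "$dir"
}
demo
```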