[Snort-users] Barnyard2 startup error: Snort not compiled to use mysql but --with-mysql option invalid

Kurt Jensen kjensencissp at ...11827...
Wed Apr 24 16:42:18 EDT 2013


Yes, thanks. We intend to use the barnyard2 piece to feed the data to our mysql; we suspected it was not really snort that needed to be recompiled, as the message said. We have all the packages, libraries, headers, etc. and did try running some steps to get all these talking, that is, like this:

snort > barnyard2 > mysql > snorby 

but clearly, being new to this setup, we must have missed some of these command steps and options. We tried to find the documentation you mentioned but didn't. Might you have a link or pointer to that?

We used the Snort provided Setup Guides and init scripts to get this far but found nothing there on this piece yet.  We are completely new to Barnyard2 and anything beyond basic Snort with default logs.

Thanks

Y M <snort at ...15979...> wrote:

>Snort's support to directly write to a database is no longer an option since Snort 2.9.2, if I recall correctly.
>
>Instead, you compile MySQL support with Barnyard2:
>
>./configure --with-mysql --with-mysql-libraries=<path to the mysql libs>
>
>In Snort, you would use unified2 as an output plugin to write unified2 logs and have Barnyard2 parse these into the database. In the docs section on Snort's website you will find step by step documentation on how to do that on SuSE, 12.x as well as other OSs.
>________________________________
>From: Kurt Jensen<mailto:kjensencissp at ...11827...>
>Sent: 4/24/2013 10:44 PM
>To: snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>
>Subject: [Snort-users] Barnyard2 startup error: Snort not compiled to use mysql but --with-mysql option invalid
>
>hello:
>
>We have a working install of Snort 2.9.4.5 on SuSE 12.2 that logs fine but we need to use Barnyard2 and send this data to mysql.  We did not know of any manual steps or added options being required to compile Snort for mysql use with barnyard.  When we start barnyard2 for use with Snort, mysql and Snorby we get the "snort not compiled for use with mysql" errors and barnyard2 fatals out.
>
>We found some options online for snort compiling that also did not work or: ./configure --with-mysql
>
>when trying that option, or several versions of it, the compile runs to the end but then fails at this step and flags it as an invalid option.
>
>Can anyone tell us what the correct command and options are please to compile Snort and Barnyard to use mysql?
>
>Thanks!
>
>
>
>James Lay <jlay at ...13475...> wrote:
>
>>On 2013-04-24 09:52, John Ainsworth wrote:
>>> Hi
>>>
>>> I'm pulling my hair out on this problem
>>>
>>> I have installed Snort on Ubuntu 12.04, 2 nics: eth0 used for
>>> management eth1 is receiving traffic that is coming into our firewall
>>> via SPAN on the switch
>>
>>0 byte u2 files mean no alerts happened.  Have you set something like:
>>
>>output alert_fast: snortalert.fast
>>
>>in your snort.conf to verify that you're getting alerts at all?
>>
>>James
>>
>>------------------------------------------------------------------------------
>>Try New Relic Now & We'll Send You this Cool Shirt
>>New Relic is the only SaaS-based application performance monitoring service
>>that delivers powerful full stack analytics. Optimize and monitor your
>>browser, app, & servers with just a few lines of code. Try New Relic
>>and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
>>_______________________________________________
>>Snort-users mailing list
>>Snort-users at lists.sourceforge.net
>>Go to this URL to change user options or unsubscribe:
>>https://lists.sourceforge.net/lists/listinfo/snort-users
>>Snort-users list archive:
>>http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>>Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130424/d67db3e6/attachment.html>
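The chain discussed in this thread (Snort writing unified2, Barnyard2 parsing it into MySQL, and the 0-byte u2 file check) can be sanity-checked with a short script. This is an added example, not part of any poster's message: the function names `check_pipeline` and `make_sample`, the temporary paths, and the placeholder credentials are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks for snort > barnyard2 > mysql.
# Prints one finding per line; prints nothing when all checks pass.
check_pipeline() {
    snort_conf=$1 by2_conf=$2 log_dir=$3

    # Database output belongs in barnyard2.conf, not snort.conf.
    if grep -Eq '^[[:space:]]*output[[:space:]]+database' "$snort_conf"; then
        echo "snort.conf: 'output database' found; configure it in barnyard2.conf instead"
    fi

    # Snort has to write unified2 for Barnyard2 to parse; extract the base filename.
    u2_base=$(sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}[a-z_]*unified2:.*filename[[:space:]]\{1,\}\([^,[:space:]]*\).*/\1/p' "$snort_conf" | head -n 1)
    if [ -z "$u2_base" ]; then
        echo "snort.conf: no 'output unified2' line with a filename"
    # Snort appends a timestamp to the name; a 0-byte file means no events yet.
    elif [ -z "$(find "$log_dir" -type f -name "$u2_base*" -size +0 | head -n 1)" ]; then
        echo "$log_dir: no non-empty $u2_base.* file, so no alerts have been logged yet"
    fi

    # Barnyard2 needs its own database output naming mysql.
    if ! grep -Eq '^[[:space:]]*output[[:space:]]+database:.*mysql' "$by2_conf"; then
        echo "barnyard2.conf: no 'output database: ... mysql' line"
    fi
    return 0
}

# Constructed sample files (placeholder credentials, temporary directory).
make_sample() {
    d=$(mktemp -d)
    printf 'output unified2: filename snort.u2, limit 128\n' > "$d/snort.conf"
    printf 'output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost\n' > "$d/barnyard2.conf"
    : > "$d/snort.u2.1366835000"   # 0-byte spool file, as in the quoted report
    echo "$d"
}

d=$(make_sample)
check_pipeline "$d/snort.conf" "$d/barnyard2.conf" "$d"
rm -rf "$d"
```

On the constructed sample the only finding is the empty unified2 file; point the three arguments at the real snort.conf, barnyard2.conf and Snort log directory to check an installation.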
