[Snort-users] Error in reading unified2 log files

basant subba basantsubba at ...11827...
Fri May 2 02:53:37 EDT 2014


I am trying to process the unified2 output from /var/log/snort using the
following command:

barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2

But I am getting this error: ERROR database: 'mssql' support is not
compiled into this build of snort. My snort version is 2.9.2 and, guessing
from the output error, I think this version of snort doesn't support mysql.
I tried ./configure --with-mssql too but that doesn't help either. Can
anyone guide me on how to upgrade my snort to the latest version that supports
mysql? Thanks in advance.

Here's my complete output message.

root at ...16835...:/var/log/snort# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
ERROR database: 'mssql' support is not compiled into this build of snort

ERROR: If this build of barnyard2 was obtained as a binary distribution
(e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
'mssql' support.

If this build of barnyard2 was compiled by you, then re-run the
the ./configure script using the '--with-mssql' switch.
For non-standard installations of a database, the '--with-mssql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
Barnyard2 exiting
===============================================================================
Record Totals:
   Records:           0
   Events:           0 (0.000%)
   Packets:           0 (0.000%)
   Unknown:           0 (0.000%)
   Suppressed:           0 (0.000%)
===============================================================================