[Snort-users] Error in reading unified2 log files

Dave Corsello snort-users at ...15598...
Fri May 2 08:05:06 EDT 2014


Are you using mysql or mssql?  (You mention both.)  Snort shouldn't be 
configured to directly touch a database--barnyard2 handles that. So, 
remove any "output database" lines from snort.conf, and make sure 
there's an "output unified2" statement.  If you're starting from 
scratch, it probably makes sense to start with snort 2.9.6.1, which is 
the most current version, not 2.9.2.

On 5/2/2014 2:53 AM, basant subba wrote:
> I am trying to process the unified2 output from /var/log/snort using 
> the following command
>
> barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2
>
> But I am getting this error: ERROR database: 'mssql' support is not 
> compiled into this build of snort. My snort version is 2.9.2 and 
> guessing from the output error I think this version of snort doesn't 
> support mysql. I tried ./configure --with-mssql too but that doesn't 
> help either. Can anyone guide me on how to upgrade my snort to the latest 
> version that supports mysql? Thanks in advance.
>
> Here's my complete output message.
>
> root at ...16835...:/var/log/snort# barnyard2 -c 
> /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2
> Running in Continuous mode
>
>         --== Initializing Barnyard2 ==--
> Initializing Input Plugins!
> Initializing Output Plugins!
> Parsing config file "/etc/snort/barnyard2.conf"
>
>
> +[ Signature Suppress list ]+
> ----------------------------
> +[No entry in Signature Suppress List]+
> ----------------------------
> +[ Signature Suppress list ]+
>
> Barnyard2 spooler: Event cache size set to [2048]
> Log directory = /var/log/barnyard2
> ERROR database: 'mssql' support is not compiled into this build of snort
>
> ERROR: If this build of barnyard2 was obtained as a binary 
> distribution (e.g., rpm,
> or Windows), then check for alternate builds that contains the necessary
> 'mssql' support.
>
> If this build of barnyard2 was compiled by you, then re-run the
> the ./configure script using the '--with-mssql' switch.
> For non-standard installations of a database, the '--with-mssql=DIR'
> syntax may need to be used to specify the base directory of the DB 
> install.
>
> See the database documentation for cursory details (doc/README.database).
> and the URL to the most recent database plugin documentation.
> Fatal Error, Quitting..
> Barnyard2 exiting
> ===============================================================================
> Record Totals:
>    Records:           0
>    Events:           0 (0.000%)
>    Packets:           0 (0.000%)
>    Unknown:           0 (0.000%)
>    Suppressed:           0 (0.000%)
> ===============================================================================
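A small added check for the wiring Dave describes above (snort spools unified2, barnyard2 alone talks to the database, and the engine named on barnyard2's "output database:" line must match what the barnyard2 binary was built with). This is example code written for this page, not from the thread or the Snort/barnyard2 projects; the config paths and contents below are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread: audit a snort.conf/barnyard2.conf pair for the
# wiring described in the reply above. All paths and config contents here are constructed.

# Print the DB engine named on barnyard2's "output database:" line (mysql, mssql, ...).
# That engine is the one the barnyard2 binary must have been built with (--with-mysql etc.).
by2_db_type() {
    sed '/^[[:space:]]*#/d' "$1" |
      sed -n 's/^[[:space:]]*output[[:space:]]*database:[[:space:]]*[a-z]*,[[:space:]]*\([a-z]*\).*/\1/p' |
      head -n 1
}

# Return 0 when snort emits unified2 and barnyard2 (not snort) owns the DB, else 1.
check_pipeline_cfg() {
    snort_active=$(sed '/^[[:space:]]*#/d' "$1")
    by2_active=$(sed '/^[[:space:]]*#/d' "$2")
    rc=0
    if printf '%s\n' "$snort_active" | grep -q '^[[:space:]]*output[[:space:]]*database'; then
        printf '%s\n' "snort.conf: remove 'output database' lines; barnyard2 owns the DB" >&2; rc=1
    fi
    if ! printf '%s\n' "$snort_active" | grep -q '^[[:space:]]*output[[:space:]]*unified2'; then
        printf '%s\n' "snort.conf: no 'output unified2' statement" >&2; rc=1
    fi
    if ! printf '%s\n' "$by2_active" | grep -q '^[[:space:]]*input[[:space:]]*unified2'; then
        printf '%s\n' "barnyard2.conf: no 'input unified2' statement" >&2; rc=1
    fi
    if [ -z "$(by2_db_type "$2")" ]; then
        printf '%s\n' "barnyard2.conf: no 'output database:' line" >&2; rc=1
    fi
    return $rc
}

# Constructed sample configs: a broken pair (snort writing to mssql itself, no unified2)
# and a corrected pair.
CFG_DIR=$(mktemp -d)
cat > "$CFG_DIR/snort-bad.conf" <<'EOF'
output database: log, mssql, user=snort password=secret dbname=snort host=localhost
EOF
cat > "$CFG_DIR/barnyard2-bad.conf" <<'EOF'
output database: log, mssql, user=snort password=secret dbname=snort host=localhost
EOF
cat > "$CFG_DIR/snort-good.conf" <<'EOF'
output unified2: filename snort.u2, limit 128
EOF
cat > "$CFG_DIR/barnyard2-good.conf" <<'EOF'
config logdir: /var/log/barnyard2
input unified2
output database: log, mysql, user=snort password=secret dbname=snort host=localhost
EOF
```

Against a real install, call check_pipeline_cfg /etc/snort/snort.conf /etc/snort/barnyard2.conf; a non-zero exit prints what to fix, and by2_db_type tells you which --with-<db> switch the barnyard2 build needs.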
