[Snort-users] BASE installation in snort
basantsubba at ...11827...
Mon May 12 10:06:10 EDT 2014
Thank you Joel for that information. Now I have a different problem. When I
am trying to process my unified2 output using barnyard2 I am getting this
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "./barnyard2.conf"
Log directory = /var/log/barnyard2
database: 'mysql' support is not compiled into this build of snort
ERROR: If this build of snort was obtained as a binary distribution (e.g.,
or Windows), then check for alternate builds that contains the necessary
If this build of snort was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.
From the above error message I understood that my installed version of
snort (22.214.171.124) doesn't support mysql. I even tried re-compiling snort using
./configure --with-mysql, as suggested in some post. Everything compiles
fine but then there's a warning at the end saying --with-mysql command
cannot be identified. So is there any other way that I can re-compile my
snort to support mysql? Also I went through quite a number of posts
regarding this issue but I didn't find any solution. Is it a dead end and
snort doesn't support mysql? I had a similar query about pulledpork where I
was unable to update my ruleset using oinkcode and I had posted it a few
weeks back but I didn't get any reply.
I was even asked by someone to post my email ID so that he can validate my
oinkcode. But I never heard back from him. Anyways looking forward to some
help to resolve these issues.
On Mon, May 12, 2014 at 6:54 PM, Joel Esler (jesler) <jesler at ...589...> wrote:
> On May 12, 2014, at 8:33 AM, basant subba <basantsubba at ...11827...> wrote:
> Hello Snort Users. I am trying to log my alerts to mysql database. The
> snort.conf files says that for debian systems I've to do database
> configurations in database.conf file as listed below.....
> # On Debian Systems, the database configuration is kept in a separate
> # /etc/snort/database.conf.
> # This file can be empty, if you are not using any database information
> # If you are using databases, please edit that file instead of this one,
> # ensure smoother upgrades to future versions of this package.
> My database.conf file is
> output database: alert, mysql, user=snort password=snort dbname=snort
> However when I am running snort, I am getting this error.
> ERROR: database.conf(1) Unknown output plugin: "database"
> Fatal Error, Quitting..
> Can anyone please help me fix this problem?
> The database output plugin was removed in Snort 126.96.36.199, you need to have
> Snort output in unified2 format, and use a program called barnyard2 to
> process those files for insertion into the database.
> *Joel Esler*
> Open Source Manager
> Threat Intelligence Team Lead
> Vulnerability Research Team
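
A pre-flight check for the two failures in this thread, as an added example that is not part of the original messages or of the Snort or barnyard2 projects: it flags the removed `output database` directive in a Snort config, confirms unified2 output is enabled, and checks whether barnyard2 (whose startup output carries the "not compiled into this build" error) is asked for MySQL and linked against a MySQL client library. The function names and the sample line are assumptions made for illustration, and the `ldd` test is a heuristic that assumes a dynamically linked barnyard2 binary.

```shell
#!/bin/sh
# Added example: sanity checks for a Snort -> unified2 -> barnyard2 -> MySQL setup.
# All function names here are hypothetical helpers, not Snort or barnyard2 tools.

# Classify a Snort output config file. Prints one of:
#   removed-plugin  an active "output database:" line (Snort rejects it)
#   unified2        an active "output unified2:" line (barnyard2 can read it)
#   no-output       neither directive is active
check_snort_output() {
    conf="$1"
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    # Anchoring at line start skips commented-out directives.
    if grep -Eq '^[[:space:]]*output[[:space:]]+database[[:space:]]*:' "$conf"; then
        echo "removed-plugin"; return 1
    fi
    if grep -Eq '^[[:space:]]*output[[:space:]]+unified2[[:space:]]*:' "$conf"; then
        echo "unified2"; return 0
    fi
    echo "no-output"; return 1
}

# Does barnyard2.conf request a MySQL database output?
barnyard2_wants_mysql() {
    grep -Eq '^[[:space:]]*output[[:space:]]+database[[:space:]]*:[^#]*mysql' "$1"
}

# Heuristic: is the barnyard2 binary linked against a MySQL/MariaDB client
# library? Returns 2 if the path is not an executable file.
barnyard2_has_mysql() {
    bin="$1"
    [ -x "$bin" ] || return 2
    ldd "$bin" 2>/dev/null | grep -Eiq 'lib(mysql|mariadb)'
}

# Demo on a constructed sample: the database.conf line quoted in the thread.
demo=$(mktemp)
echo 'output database: alert, mysql, user=snort password=snort dbname=snort' > "$demo"
echo "database.conf: $(check_snort_output "$demo")"
rm -f "$demo"
```

If `barnyard2_wants_mysql` succeeds but `barnyard2_has_mysql` fails, barnyard2 itself (not Snort) is the build that needs MySQL support.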