[Snort-users] BASE installation in snort

basant subba basantsubba at ...11827...
Mon May 12 10:06:10 EDT 2014


Thank you Joel for that information. Now I have a different problem. When I
am trying to process my unified2 output using barnyard2 I am getting this
error:

       --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "./barnyard2.conf"
Log directory = /var/log/barnyard2
database: 'mysql' support is not compiled into this build of snort

ERROR: If this build of snort was obtained as a binary distribution (e.g.,
rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.

If this build of snort was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.

From the above error message I understood that my installed version of
snort (2.9.6.1) doesn't support mysql. I even tried re-compiling snort using
./configure --with-mysql, as suggested in some post. Everything compiles
fine but then there's a warning at the end saying the --with-mysql command
cannot be identified. So is there any other way that I can re-compile my
snort to support mysql? Also, I went through quite a few posts
regarding this issue but I didn't find any solution. Is it a dead end and
snort doesn't support mysql? I had a similar query about pulledpork where I
was unable to update my ruleset using oinkcode and I had posted it a few
weeks back but I didn't get any reply.
I was even asked by someone to post my email ID so that he can validate my
oinkcode. But I never heard back from him. Anyway, looking forward to some
help to resolve these issues.


On Mon, May 12, 2014 at 6:54 PM, Joel Esler (jesler) <jesler at ...589...> wrote:

>  On May 12, 2014, at 8:33 AM, basant subba <basantsubba at ...11827...> wrote:
>
>  Hello Snort Users. I am trying to log my alerts to a mysql database. The
> snort.conf file says that for debian systems I have to do the database
> configuration in the database.conf file, as listed below.
>
>  # On Debian Systems, the database configuration is kept in a separate
> file:
>  # /etc/snort/database.conf.
>  # This file can be empty, if you are not using any database information
>  # If you are using databases, please edit that file instead of this one,
> to
>  # ensure smoother upgrades to future versions of this package.
>
>  My database.conf file is
>
>  output database: alert, mysql, user=snort password=snort dbname=snort
> host=localhost
>
>   However when I am running snort, I am getting this error.
>
>  ERROR: database.conf(1) Unknown output plugin: "database"
> Fatal Error, Quitting..
>
>  Can anyone please help me fix this problem?
>
>
> The database output plugin was removed in Snort 2.9.3.0, you need to have
> Snort output in unified2 format, and use a program called barnyard2 to
> process those files for insertion into the database.
>
>  --
> *Joel Esler*
> Open Source Manager
> Threat Intelligence Team Lead
> Vulnerability Research Team
>
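
A preflight check for the two failures in this thread, as an added example that is not part of the original messages or of Snort or barnyard2: it flags an "output database" line left in Snort's configuration, a missing unified2 output, and a barnyard2 without MySQL support. The function names, the sample file contents and the ldd heuristic (it assumes barnyard2 links the MySQL client library dynamically) are assumptions.

```shell
#!/bin/sh
# Preflight check for the Snort -> unified2 -> barnyard2 -> MySQL pipeline.
# Usage: check_pipeline SNORT_CONF BARNYARD2_CONF [BARNYARD2_BINARY]
# Prints one line per problem; the return status is the number of problems.
check_pipeline() {
    snort_conf=$1 by2_conf=$2 by2_bin=${3:-}
    problems=0

    # Snort 2.9.3.0 and later stop with 'Unknown output plugin: "database"'
    # when an uncommented "output database" line is still present.
    if grep -Eq '^[[:space:]]*output[[:space:]]+database:' "$snort_conf"; then
        echo "snort: 'output database' is set; the plugin was removed in 2.9.3.0"
        problems=$((problems + 1))
    fi
    # Snort has to write unified2 files for barnyard2 to read.
    if ! grep -Eq '^[[:space:]]*output[[:space:]]+unified2:' "$snort_conf"; then
        echo "snort: no 'output unified2' line"
        problems=$((problems + 1))
    fi
    # The database output belongs in barnyard2.conf instead.
    if ! grep -Eq '^[[:space:]]*output[[:space:]]+database:.*mysql' "$by2_conf"; then
        echo "barnyard2: no 'output database: ..., mysql, ...' line"
        problems=$((problems + 1))
    fi
    # Assumption: a barnyard2 configured with --with-mysql is dynamically
    # linked against libmysqlclient (or MariaDB's replacement library).
    if [ -n "$by2_bin" ] && ! ldd "$by2_bin" 2>/dev/null | grep -Eqi 'mysqlclient|mariadb'; then
        echo "barnyard2: $by2_bin is not linked against a MySQL client library"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the setup from the first message in the thread
# (database line in Snort's own configuration, barnyard2 not configured).
demo() {
    d=$(mktemp -d)
    printf 'output database: alert, mysql, user=snort password=snort dbname=snort host=localhost\n' > "$d/snort.conf"
    : > "$d/barnyard2.conf"
    rc=0
    check_pipeline "$d/snort.conf" "$d/barnyard2.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

The "not compiled into this build" message in the log above is printed by barnyard2, so the binary to pass as the third argument is barnyard2, not snort.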