[Snort-users] Baryard2 error

Juan Jesus Prieto jjprieto at ...16842...
Mon May 12 12:00:11 EDT 2014


Hi basant,

   This is my barnyard2.conf:

#---------------------------
config utc

config reference_file:	    /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snortrules/gen-msg.map
config sid_file:            /etc/snortrules/sid-msg.map

config hostname: e5sensor

output database: log, mysql, user=snort dbname=snort password=XXXX host=192.168.101.25

input unified2
#----------------------------


Regards

El 12/05/14 17:15, basant subba escribió:
> Hi Juan I have compiled my baryard2 with './configure --with-mysql' 
> command as recommended in many of the posts. But I am still getting 
> the same error. If you have a working barnyard2.conf file that works 
> with mysql can you please post it in the mailing list or mail me 
> personally? And  thank you for your reply.
>
>
> On Mon, May 12, 2014 at 8:08 PM, Juan Jesus Prieto 
> <jjprieto at ...16842... <mailto:jjprieto at ...16842...>> wrote:
>
>     Hi Basant,
>
>       snort does not need to have mysql support, snort write at
>     topspeed to unified2 file and barnyard2 will keep open this file
>     to read packets and events information in u2 format and relay it
>     via output plugin like mysql, syslog, etc. I suppose the error is
>     from your barnyard2 installation.
>
>     Regards.
>
>     El 12/05/14 15:18, basant subba escribió:
>>     Hello snort users. When I am trying run barnyard to process my
>>     unified2 output alerts, I am getting this error.
>>
>>     *database: 'mysql' support is not compiled into this build of snort*
>>     *
>>     *
>>     *ERROR: If this build of snort was obtained as a binary
>>     distribution (e.g., rpm,*
>>     *or Windows), then check for alternate builds that contains the
>>     necessary*
>>     *'mysql' support.*
>>     *
>>     *
>>     *The error is self explanatory in the sense that my installed
>>     version of snort doesn't support mqsql. My query is how do I
>>     rebuild my snort so that it supports mysql without removing the
>>     installed version?*
>>
>>
>>
>>     ------------------------------------------------------------------------------
>>     "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>>     Instantly run your Selenium tests across 300+ browser/OS combos.
>>     Get unparalleled scalability from the best Selenium testing platform available
>>     Simple to use. Nothing to install. Get started now for free."
>>     http://p.sf.net/sfu/SauceLabs
>>
>>
>>     _______________________________________________
>>     Snort-users mailing list
>>     Snort-users at lists.sourceforge.net  <mailto:Snort-users at lists.sourceforge.net>
>>     Go to this URL to change user options or unsubscribe:
>>     https://lists.sourceforge.net/lists/listinfo/snort-users
>>     Snort-users list archive:
>>     http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>>     Please visithttp://blog.snort.org  to stay current on all the latest Snort news!
>
>
>     ------------------------------------------------------------------------------
>     "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>     Instantly run your Selenium tests across 300+ browser/OS combos.
>     Get unparalleled scalability from the best Selenium testing
>     platform available
>     Simple to use. Nothing to install. Get started now for free."
>     http://p.sf.net/sfu/SauceLabs
>     _______________________________________________
>     Snort-users mailing list
>     Snort-users at lists.sourceforge.net
>     <mailto:Snort-users at lists.sourceforge.net>
>     Go to this URL to change user options or unsubscribe:
>     https://lists.sourceforge.net/lists/listinfo/snort-users
>     Snort-users list archive:
>     http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
>     Please visit http://blog.snort.org to stay current on all the
>     latest Snort news!
>
>
>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140512/05a60fc0/attachment.html>


More information about the Snort-users mailing list