[Snort-users] Barnyard2 error

Jeremy Hoel jthoel at ...11827...
Tue May 13 00:19:19 EDT 2014


Once you install base (or as part of the install process) you tell it to
use the DB that you have with BY2.  I haven't installed BASE in YEARS so I
don't recall the exact process, but it should be too hard.

Worst case, you have to nuke your DB, have base create it and then use that
DB with BY2.  You can have BY2 replay the unified2 files that you already
sent if you need to start over.

You might find BASE a bit limiting and you might look into playing with
Snorby.. it uses a BY2 compatible DB..

And glad you got it working!




On Tue, May 13, 2014 at 12:11 AM, basant subba <basantsubba at ...11827...> wrote:

>
> Thank you Jeremy for your help. BY2 is working now and it's logging data
> from U2 file to mysql database. However now I want to list the contents of
> mysql database using BASE. How do I do that? Is there any manual for BASE
> installation? Once again thank you for your help.
>
>
> On Tue, May 13, 2014 at 1:59 AM, Jeremy Hoel <jthoel at ...11827...> wrote:
>
>> The error is not related to the output but to the compilation of BY2.  You
>> are doing it from source, yes?  You have the proper libraries and headers
>> installed and when you compile, are there any errors?
>>
>> Where are you getting the source from?  My folder was called
>> barnyard2-master because that was the tgz I had grabbed at the time.  The
>> autogen should be in whatever folder gets created when you extract the
>> zip/tarball.
>>
>>
>>
>>
>>
>> On Mon, May 12, 2014 at 11:15 AM, basant subba <basantsubba at ...11827...> wrote:
>>
>>> Hi Juan, I have compiled my barnyard2 with the './configure --with-mysql'
>>> command as recommended in many of the posts. But I am still getting the
>>> same error. If you have a working barnyard2.conf file that works with mysql
>>> can you please post it in the mailing list or mail me personally? And
>>> thank you for your reply.
>>>
>>>
>>> On Mon, May 12, 2014 at 8:08 PM, Juan Jesus Prieto <
>>> jjprieto at ...16842...> wrote:
>>>
>>>>  Hi Basant,
>>>>
>>>>   snort does not need to have mysql support, snort writes at top speed to
>>>> the unified2 file and barnyard2 will keep this file open to read packet and
>>>> event information in u2 format and relay it via an output plugin like mysql,
>>>> syslog, etc. I suppose the error is from your barnyard2 installation.
>>>>
>>>> Regards.
>>>>
>>>> On 12/05/14 15:18, basant subba wrote:
>>>>
>>>> Hello snort users. When I am trying to run barnyard to process my unified2
>>>> output alerts, I am getting this error.
>>>>
>>>>  *database: 'mysql' support is not compiled into this build of snort*
>>>>
>>>>  *ERROR: If this build of snort was obtained as a binary distribution
>>>> (e.g., rpm,*
>>>> *or Windows), then check for alternate builds that contains the
>>>> necessary*
>>>> *'mysql' support.*
>>>>
>>>>  *The error is self-explanatory in the sense that my installed version
>>>> of snort doesn't support mysql. My query is how do I rebuild my snort so
>>>> that it supports mysql without removing the installed version?*
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>>>> Instantly run your Selenium tests across 300+ browser/OS combos.
>>>> Get unparalleled scalability from the best Selenium testing platform available
>>>> Simple to use. Nothing to install. Get started now for free."
>>>> http://p.sf.net/sfu/SauceLabs
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>>
>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>>>
>>>>
>>>
>>>
>>
>>
>
>
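
Added example (not part of the original thread, and not code from the Snort or Barnyard2 projects): a minimal reader for the unified2 spool that Juan describes Snort writing and Barnyard2 keeping open, showing the record framing an output plugin consumes. It decodes only the legacy IPv4 event record (type 7); the sample spool bytes, signature id and addresses are constructed for illustration.

```python
import socket
import struct

# unified2 framing: every record is an 8-byte header (type, length) plus body,
# all big-endian. Type numbers follow Snort's Unified2 header definitions.
U2_PACKET, U2_IDS_EVENT = 2, 7
RECORD_HDR = struct.Struct(">II")
IDS_EVENT = struct.Struct(">9I4s4sHHBBBB")  # 52-byte legacy IPv4 event body


def iter_records(buf):
    """Yield (type, body) per complete record; stop at a half-written tail."""
    off = 0
    while off + RECORD_HDR.size <= len(buf):
        rtype, length = RECORD_HDR.unpack_from(buf, off)
        start = off + RECORD_HDR.size
        if start + length > len(buf):  # Snort has not finished this record yet
            break
        yield rtype, buf[start:start + length]
        off = start + length


def decode_event(body):
    f = IDS_EVENT.unpack_from(body)
    return {
        "event_id": f[1],
        "event_second": f[2],
        "sig": f"{f[5]}:{f[4]}:{f[6]}",  # gid:sid:rev
        "priority": f[8],
        "src": socket.inet_ntoa(f[9]),
        "dst": socket.inet_ntoa(f[10]),
        "sport": f[11],
        "dport": f[12],
        "proto": f[13],
    }


def read_alerts(buf):
    """Decode IPv4 event records and skip every other record type."""
    return [decode_event(b) for t, b in iter_records(buf)
            if t == U2_IDS_EVENT and len(b) >= IDS_EVENT.size]


# Constructed sample spool: one event, one opaque packet record, one truncated tail.
_EV = IDS_EVENT.pack(1, 1, 1399900000, 0, 1000001, 1, 2, 0, 3,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.5"), 40000, 3306, 6, 0, 0, 0)
SAMPLE = (RECORD_HDR.pack(U2_IDS_EVENT, len(_EV)) + _EV
          + RECORD_HDR.pack(U2_PACKET, 4) + b"\x00" * 4
          + RECORD_HDR.pack(U2_IDS_EVENT, 52) + b"\x00" * 10)

if __name__ == "__main__":
    for alert in read_alerts(SAMPLE):
        print(alert)
```

The truncated last record is left unread rather than treated as an error, which is how a reader that follows a spool still being written has to behave.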