[Snort-users] Baryard2 error

basant subba basantsubba at ...11827...
Tue May 13 01:26:52 EDT 2014


Thank you everyone for the help. Now even the BASE is up and running. If
anyone else is having the same problem, I would recommend them to visit
this page for troubleshooting:

http://www.howtoforge.com/intrusion-detection-with-snort-mysql-apache2-on-ubuntu-7.10


On Tue, May 13, 2014 at 9:49 AM, Jeremy Hoel <jthoel at ...11827...> wrote:

> Once you install base (or as part of the install process) you tell it to
> use the DB that you have with BY2.  I haven't installed BASE in YEARS so I
> don't recall the exact process, but it should be too hard.
>
> Worst case, you have to nuke your DB, have base create it and then use
> that DB with BY2.  You can have BY2 replay the unified2 files that you
> already sent if you need to start over.
>
> You might find BASE a bit limiting and you might look into playing with
> Snorby.. it uses a BY2 compatible DB..
>
> And glad you got it working!
>
>
>
>
> On Tue, May 13, 2014 at 12:11 AM, basant subba <basantsubba at ...11827...> wrote:
>
>>
>> Thank you Jeremy for your help. BY2 is working now and it's logging data
>> from U2 file to mysql database. However now I want to list the contents of
>> mysql database using BASE. How do I do that? Is there any manual for BASE
>> installation? Once again thank you for your help.
>>
>>
>> On Tue, May 13, 2014 at 1:59 AM, Jeremy Hoel <jthoel at ...11827...> wrote:
>>
>>> The error is not related to the output but to the compilation of BY2.
>>> You are doing it from source yes?  You have the proper libraries and
>>> headers installed and when you compile, are there any errors?
>>>
>>> Where are you getting the source from?  My folder was called
>>> barnyard2-master because that was the tgz I had grabbed at the time.  The
>>> autogen should be in whatever folder gets created when you extract the
>>> zip/tarball.
>>>
>>>
>>>
>>>
>>>
>>> On Mon, May 12, 2014 at 11:15 AM, basant subba <basantsubba at ...11827...> wrote:
>>>
>>>> Hi Juan, I have compiled my barnyard2 with './configure --with-mysql'
>>>> command as recommended in many of the posts. But I am still getting the
>>>> same error. If you have a working barnyard2.conf file that works with mysql
>>>> can you please post it in the mailing list or mail me personally? And
>>>> thank you for your reply.
>>>>
>>>>
>>>> On Mon, May 12, 2014 at 8:08 PM, Juan Jesus Prieto <jjprieto at ...16842...> wrote:
>>>>
>>>>>  Hi Basant,
>>>>>
>>>>> Snort does not need to have mysql support. Snort writes at top speed
>>>>> to the unified2 file, and barnyard2 will keep this file open to read packet and
>>>>> event information in u2 format and relay it via an output plugin like mysql,
>>>>> syslog, etc. I suppose the error is from your barnyard2 installation.
>>>>>
>>>>> Regards.
>>>>>
>>>>> On 12/05/14 15:18, basant subba wrote:
>>>>>
>>>>> Hello snort users. When I am trying to run barnyard to process my
>>>>> unified2 output alerts, I am getting this error.
>>>>>
>>>>>  *database: 'mysql' support is not compiled into this build of snort*
>>>>>
>>>>>  *ERROR: If this build of snort was obtained as a binary distribution
>>>>> (e.g., rpm,*
>>>>> *or Windows), then check for alternate builds that contains the
>>>>> necessary*
>>>>> *'mysql' support.*
>>>>>
>>>>>  *The error is self-explanatory in the sense that my installed
>>>>> version of snort doesn't support mysql. My query is how do I rebuild my
>>>>> snort so that it supports mysql without removing the installed version?*
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>>>>> Instantly run your Selenium tests across 300+ browser/OS combos.
>>>>> Get unparalleled scalability from the best Selenium testing platform available
>>>>> Simple to use. Nothing to install. Get started now for free."http://p.sf.net/sfu/SauceLabs
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Snort-users mailing list
>>>>> Snort-users at lists.sourceforge.net
>>>>> Go to this URL to change user options or unsubscribe:
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>> Snort-users list archive:
>>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>>>
>>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>>>
>>>
>>>
>>
>
>