[Snort-users] Trouble in the Barnyard

Noah Dietrich noah_dietrich at ...17393...
Mon Jan 16 07:28:00 EST 2017


The output you show from ./configure looks correct (the line that shows
*checking for mysql... yes* is what you're looking for).

After you run: ./configure --with-mysql
--with-mysql-libraries=/usr/lib/i386-linux-gnu (note you don't need to run
this as sudo), are you running *make* and then *sudo make install*?

I would try moving the current barnyard2 binary (navigate to the barnyard2
folder, then run *sudo mv barnyard2 barnyard2.bak*) to ensure you're
working with the newly compiled barnyard2, and try these steps to
configure, compile, and install barnyard2:

cd ~/Downloads/Barnyard2/barnyard2-master
./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
make
sudo make install

Ensure there are *no* errors during the *make* stage or the *sudo make
install* stage. When done with these steps, you should be able to run
barnyard2. If it doesn't run, then there is an issue with your
configuration / build.

Noah
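
Two checks that go with the advice above, added here as an example and not
part of the thread or of barnyard2 itself: which barnyard2 binary is actually
being executed, and whether that binary was linked against the MySQL client
library. The client library names and the ENABLE_MYSQL define in config.h are
assumptions.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): find which barnyard2 actually runs and
# whether it was built with MySQL support. Assumes the client library is named
# libmysqlclient/libmariadb/libperconaserverclient and that barnyard2's
# configure writes "#define ENABLE_MYSQL 1" into config.h for --with-mysql.

# 0 if the ldd output passed as $1 shows a resolved MySQL-compatible client library.
# Lines ending in "not found" are excluded: a library that is linked but missing
# causes a loader error, not barnyard2's "'mysql' support is not compiled in" message.
ldd_has_mysql() {
    printf '%s\n' "$1" \
        | grep -v 'not found' \
        | grep -Eq 'lib(mysqlclient|mariadb|perconaserverclient)\.so'
}

# 0 if the config.h at path $1 was generated by a --with-mysql configure run.
config_has_mysql() {
    grep -Eq '^#define[[:space:]]+ENABLE_MYSQL[[:space:]]+1' "$1"
}

# Walk a colon-separated search path ($1) and report every barnyard2 found.
# Run it once with "$PATH" and once with sudo's path (sudo sh -c 'echo $PATH'):
# sudo normally uses its own secure_path, so "sudo barnyard2" can resolve to a
# different, older binary than the one your shell finds.
report_binaries() {
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        bin="$dir/barnyard2"
        [ -x "$bin" ] || continue
        if ldd_has_mysql "$(ldd "$bin" 2>/dev/null)"; then
            echo "$bin: linked against a MySQL client library"
        else
            echo "$bin: no MySQL client library, built without --with-mysql"
        fi
    done
    IFS=$old_ifs
}

# Constructed sample ldd output (not captured from a real system).
SAMPLE_LDD_MYSQL='    libmysqlclient.so.20 => /usr/lib/i386-linux-gnu/libmysqlclient.so.20 (0xb7c00000)
    libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb7a00000)'
SAMPLE_LDD_PLAIN='    libpcap.so.0.8 => /usr/lib/i386-linux-gnu/libpcap.so.0.8 (0xb7c00000)
    libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb7a00000)'

if ldd_has_mysql "$SAMPLE_LDD_MYSQL"; then echo "sample 1: mysql support present"; fi
if ! ldd_has_mysql "$SAMPLE_LDD_PLAIN"; then echo "sample 2: mysql support absent"; fi
report_binaries "$PATH"
```

If the binary that sudo resolves reports no MySQL client library while the
freshly built one in the source tree does, the old copy is what is being run.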



On Wed, Jan 11, 2017 at 4:43 AM, Bob Baller <bobballer at ...15978...> wrote:

> I’ve been attempting to install Barnyard2 for a while and seem to be
> stuck.  I’ve tried to research the problem but haven’t found a solution,
> although the problem seems to have been reported on a number of different
> sites including this one.  The problem is that I get the following error
> when I attempt to run Barnyard2:
>
>
>
> *‘ERROR database: 'mysql' support is not compiled into this build of
> barnyard2’*
>
>
>
> The info below provides more on what I have done, and the results of some
> of the commands.    As indicated, I’ve tried numerous variations on the
> configuration of Barnyard2 and nothing seems to work up to this point.
> Snort however appears to be working fine and is able to write data to the
> U2 files.
>
>
>
> Snort works fine and writes data to the u2 file.  MySQL appears to be set
> up correctly  however Barnyard fails as soon as I run it, each time with
> the same error.
>
> I am working with the following:
>
> - Linux Mint ver 18 32bit
> - MySql ver 5.7.16-0ubuntu0.16.04.1
> - Snort ver 2.9.7.0-5
> - Barnyard2 ver 2.1.14 Build 339
>
>
>
> Hopefully someone can see something in the information below that would
> make sense.  I would appreciate any help.
>
> Below is the output from my attempt to run Barnyard2
>
>
>
> bob at ...17738... ~/Downloads/Barnyard2/barnyard2-master $ sudo barnyard2 -c
> /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w
> /var/log/snort/barnyard2.waldo -g snort -u snort
>
> Running in Continuous mode
>
>
>
>         --== Initializing Barnyard2 ==--
>
> Initializing Input Plugins!
>
> Initializing Output Plugins!
>
> Parsing config file "/etc/snort/barnyard2.conf"
>
>
>
>
>
> +[ Signature Suppress list ]+
>
> ----------------------------
>
> +[No entry in Signature Suppress List]+
>
> ----------------------------
>
> +[ Signature Suppress list ]+
>
>
>
> Barnyard2 spooler: Event cache size set to [2048]
>
> Log directory = /var/log/barnyard2
>
> ERROR database: 'mysql' support is not compiled into this build of
> barnyard2
>
>
>
> ERROR: If this build of barnyard2 was obtained as a binary distribution
> (e.g., rpm,
>
> or Windows), then check for alternate builds that contains the necessary
>
> 'mysql' support.
>
>
>
> If this build of barnyard2 was compiled by you, then re-run the
>
> the ./configure script using the '--with-mysql' switch.
>
> For non-standard installations of a database, the '--with-mysql=DIR'
>
> syntax may need to be used to specify the base directory of the DB install.
>
>
>
> See the database documentation for cursory details (doc/README.database).
>
> and the URL to the most recent database plugin documentation.
>
> Fatal Error, Quitting..
>
> Barnyard2 exiting
>
> ============================================================
> ===================
>
> Record Totals:
>
>    Records:           0
>
>    Events:           0 (0.000%)
>
>    Packets:           0 (0.000%)
>
>    Unknown:           0 (0.000%)
>
>    Suppressed:           0 (0.000%)
>
> ============================================================
> ===================
>
> Packet breakdown by protocol (includes rebuilt packets):
>
>       ETH: 0          (0.000%)
>
>   ETHdisc: 0          (0.000%)
>
>      VLAN: 0          (0.000%)
>
>      IPV6: 0          (0.000%)
>
>   IP6 EXT: 0          (0.000%)
>
>   IP6opts: 0          (0.000%)
>
>   IP6disc: 0          (0.000%)
>
>       IP4: 0          (0.000%)
>
>   IP4disc: 0          (0.000%)
>
>     TCP 6: 0          (0.000%)
>
>     UDP 6: 0          (0.000%)
>
>     ICMP6: 0          (0.000%)
>
>   ICMP-IP: 0          (0.000%)
>
>       TCP: 0          (0.000%)
>
>       UDP: 0          (0.000%)
>
>      ICMP: 0          (0.000%)
>
>   TCPdisc: 0          (0.000%)
>
>   UDPdisc: 0          (0.000%)
>
>   ICMPdis: 0          (0.000%)
>
>      FRAG: 0          (0.000%)
>
>    FRAG 6: 0          (0.000%)
>
>       ARP: 0          (0.000%)
>
>     EAPOL: 0          (0.000%)
>
>   ETHLOOP: 0          (0.000%)
>
>       IPX: 0          (0.000%)
>
>     OTHER: 0          (0.000%)
>
>   DISCARD: 0          (0.000%)
>
> InvChkSum: 0          (0.000%)
>
>    S5 G 1: 0          (0.000%)
>
>    S5 G 2: 0          (0.000%)
>
>     Total: 0
>
> ============================================================
> ===================
>
>
>
>
>
> Below is the output from running the configure command.  I have tried this
> using it as shown below as well as using it with the following
> '--with-mysql' commands:  ('--with-mysql=/usr/';
> '--with-mysql=/var/lib/mysql' ; '--with-mysql=/usr/lib/mysql/plugin' and
> '--with-mysql:/usr/share/mysql/)
>
>
>
>
>
> bob at ...17738... ~/Downloads/Barnyard2/barnyard2-master $ sudo ./configure
> --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
>
> checking for a BSD-compatible install... /usr/bin/install -c
>
> checking whether build environment is sane... yes
>
> checking for a thread-safe mkdir -p... /bin/mkdir -p
>
> checking for gawk... gawk
>
> checking whether make sets $(MAKE)... yes
>
> checking whether make supports nested variables... yes
>
> checking build system type... i686-pc-linux-gnu
>
> checking host system type... i686-pc-linux-gnu
>
> checking how to print strings... printf
>
> checking for style of include used by make... GNU
>
> checking for gcc... gcc
>
> checking whether the C compiler works... yes
>
> checking for C compiler default output file name... a.out
>
> checking for suffix of executables...
>
> checking whether we are cross compiling... no
>
> checking for suffix of object files... o
>
> checking whether we are using the GNU C compiler... yes
>
> checking whether gcc accepts -g... yes
>
> checking for gcc option to accept ISO C89... none needed
>
> checking whether gcc understands -c and -o together... yes
>
> checking dependency style of gcc... none
>
> checking for a sed that does not truncate output... /bin/sed
>
> checking for grep that handles long lines and -e... /bin/grep
>
> checking for egrep... /bin/grep -E
>
> checking for fgrep... /bin/grep -F
>
> checking for ld used by gcc... /usr/bin/ld
>
> checking if the linker (/usr/bin/ld) is GNU ld... yes
>
> checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
>
> checking the name lister (/usr/bin/nm -B) interface... BSD nm
>
> checking whether ln -s works... yes
>
> checking the maximum length of command line arguments... 1572864
>
> checking how to convert i686-pc-linux-gnu file names to i686-pc-linux-gnu
> format... func_convert_file_noop
>
> checking how to convert i686-pc-linux-gnu file names to toolchain
> format... func_convert_file_noop
>
> checking for /usr/bin/ld option to reload object files... -r
>
> checking for objdump... objdump
>
> checking how to recognize dependent libraries... pass_all
>
> checking for dlltool... no
>
> checking how to associate runtime and link libraries... printf %s\n
>
> checking for ar... ar
>
> checking for archiver @FILE support... @
>
> checking for strip... strip
>
> checking for ranlib... ranlib
>
> checking command to parse /usr/bin/nm -B output from gcc object... ok
>
> checking for sysroot... no
>
> checking for a working dd... /bin/dd
>
> checking how to truncate binary pipes... /bin/dd bs=4096 count=1
>
> checking for mt... mt
>
> checking if mt is a manifest tool... no
>
> checking how to run the C preprocessor... gcc -E
>
> checking for ANSI C header files... yes
>
> checking for sys/types.h... yes
>
> checking for sys/stat.h... yes
>
> checking for stdlib.h... yes
>
> checking for string.h... yes
>
> checking for memory.h... yes
>
> checking for strings.h... yes
>
> checking for inttypes.h... yes
>
> checking for stdint.h... yes
>
> checking for unistd.h... yes
>
> checking for dlfcn.h... yes
>
> checking for objdir... .libs
>
> checking if gcc supports -fno-rtti -fno-exceptions... no
>
> checking for gcc option to produce PIC... -fPIC -DPIC
>
> checking if gcc PIC flag -fPIC -DPIC works... yes
>
> checking if gcc static flag -static works... yes
>
> checking if gcc supports -c -o file.o... yes
>
> checking if gcc supports -c -o file.o... (cached) yes
>
> checking whether the gcc linker (/usr/bin/ld) supports shared libraries...
> yes
>
> checking whether -lc should be explicitly linked in... no
>
> checking dynamic linker characteristics... GNU/Linux ld.so
>
> checking how to hardcode library paths into programs... immediate
>
> checking whether stripping libraries is possible... yes
>
> checking if libtool supports shared libraries... yes
>
> checking whether to build shared libraries... yes
>
> checking whether to build static libraries... yes
>
> checking whether to enable maintainer-specific portions of Makefiles... no
>
> checking for gcc option to accept ISO C99... none needed
>
> checking for gcc option to accept ISO Standard C... (cached) none needed
>
> checking for gcc... (cached) gcc
>
> checking whether we are using the GNU C compiler... (cached) yes
>
> checking whether gcc accepts -g... (cached) yes
>
> checking for gcc option to accept ISO C89... (cached) none needed
>
> checking whether gcc understands -c and -o together... (cached) yes
>
> checking dependency style of gcc... (cached) none
>
> checking whether byte ordering is bigendian... no
>
> checking for bison... bison
>
> checking for flex... flex
>
> checking for strings.h... (cached) yes
>
> checking for string.h... (cached) yes
>
> checking for stdlib.h... (cached) yes
>
> checking for unistd.h... (cached) yes
>
> checking sys/sockio.h usability... no
>
> checking sys/sockio.h presence... no
>
> checking for sys/sockio.h... no
>
> checking paths.h usability... yes
>
> checking paths.h presence... yes
>
> checking for paths.h... yes
>
> checking for inttypes.h... (cached) yes
>
> checking wchar.h usability... yes
>
> checking wchar.h presence... yes
>
> checking for wchar.h... yes
>
> checking math.h usability... yes
>
> checking math.h presence... yes
>
> checking for math.h... yes
>
> checking for floor in -lm... yes
>
> checking for ceil in -lm... yes
>
> checking for inet_ntoa in -lnsl... yes
>
> checking for socket in -lsocket... no
>
> checking whether printf must be declared... no
>
> checking whether fprintf must be declared... no
>
> checking whether syslog must be declared... no
>
> checking whether puts must be declared... no
>
> checking whether fputs must be declared... no
>
> checking whether fputc must be declared... no
>
> checking whether fopen must be declared... no
>
> checking whether fclose must be declared... no
>
> checking whether fwrite must be declared... no
>
> checking whether fflush must be declared... no
>
> checking whether getopt must be declared... no
>
> checking whether bzero must be declared... no
>
> checking whether bcopy must be declared... no
>
> checking whether memset must be declared... no
>
> checking whether strtol must be declared... no
>
> checking whether strcasecmp must be declared... no
>
> checking whether strncasecmp must be declared... no
>
> checking whether strerror must be declared... no
>
> checking whether perror must be declared... no
>
> checking whether socket must be declared... no
>
> checking whether sendto must be declared... no
>
> checking whether vsnprintf must be declared... no
>
> checking whether snprintf must be declared... no
>
> checking whether strtoul must be declared... no
>
> checking for snprintf... yes
>
> checking for strlcpy... no
>
> checking for strlcat... no
>
> checking for strerror... yes
>
> checking for vswprintf... yes
>
> checking for wprintf... yes
>
> checking size of char... 1
>
> checking size of short... 2
>
> checking size of int... 4
>
> checking size of long int... 4
>
> checking size of long long int... 8
>
> checking size of unsigned int... 4
>
> checking size of unsigned long int... 4
>
> checking size of unsigned long long int... 8
>
> checking for u_int8_t... yes
>
> checking for u_int16_t... yes
>
> checking for u_int32_t... yes
>
> checking for u_int64_t... yes
>
> checking for uint8_t... yes
>
> checking for uint16_t... yes
>
> checking for uint32_t... yes
>
> checking for uint64_t... yes
>
> checking for int8_t... yes
>
> checking for int16_t... yes
>
> checking for int32_t... yes
>
> checking for int64_t... yes
>
> checking for INADDR_NONE... yes
>
> checking for __FUNCTION__... yes
>
> checking pcap.h usability... yes
>
> checking pcap.h presence... yes
>
> checking for pcap.h... yes
>
> checking for pcap_datalink in -lpcap... yes
>
> checking for sparc... no
>
> checking for mysql... yes
>
> checking for compress in -lz... yes
>
> checking for mysql default client reconnect... no
>
> checking for mysql reconnect option... yes
>
> checking for mysql setting of reconnect option before connect bug... no
>
> checking for linuxthreads... no
>
> checking that generated files are newer than configure... done
>
> configure: creating ./config.status
>
> config.status: creating Makefile
>
> config.status: creating src/Makefile
>
> config.status: creating src/sfutil/Makefile
>
> config.status: creating src/input-plugins/Makefile
>
> config.status: creating src/output-plugins/Makefile
>
> config.status: creating etc/Makefile
>
> config.status: creating doc/Makefile
>
> config.status: creating rpm/Makefile
>
> config.status: creating schemas/Makefile
>
> config.status: creating m4/Makefile
>
> config.status: creating config.h
>
> config.status: config.h is unchanged
>
> config.status: executing depfiles commands
>
> config.status: executing libtool commands
>
>
>
>
>
> Below is info from MySql showing the tables and variables from the
> snort database:
>
>
>
>
>
> mysql> use snort
>
> Reading table information for completion of table and column names
>
> You can turn off this feature to get a quicker startup with -A
>
>
>
> Database changed
>
> mysql> SHOW TABLES;
>
> +------------------+
>
> | Tables_in_snort  |
>
> +------------------+
>
> | data             |
>
> | detail           |
>
> | encoding         |
>
> | event            |
>
> | icmphdr          |
>
> | iphdr            |
>
> | opt              |
>
> | reference        |
>
> | reference_system |
>
> | schema           |
>
> | sensor           |
>
> | sig_class        |
>
> | sig_reference    |
>
> | signature        |
>
> | tcphdr           |
>
> | udphdr           |
>
> +------------------+
>
> 16 rows in set (0.00 sec)
>
>
>
> mysql> SHOW VARIABLES WHERE Variable_Name LIKE "%dir";
>
> +---------------------------+----------------------------+
>
> | Variable_name             | Value                      |
>
> +---------------------------+----------------------------+
>
> | basedir                   | /usr/                      |
>
> | character_sets_dir        | /usr/share/mysql/charsets/ |
>
> | datadir                   | /var/lib/mysql/            |
>
> | innodb_data_home_dir      |                            |
>
> | innodb_log_group_home_dir | ./                         |
>
> | innodb_tmpdir             |                            |
>
> | lc_messages_dir           | /usr/share/mysql/          |
>
> | plugin_dir                | /usr/lib/mysql/plugin/     |
>
> | slave_load_tmpdir         | /tmp                       |
>
> | tmpdir                    | /tmp                       |
>
> +---------------------------+----------------------------+
>
> 10 rows in set (0.06 sec)
>
>
>
> The image below is a screenshot showing the Snort.u2 logs contain data.
>
> The text below is from the Barnyard2.conf file showing that the output
> database has been configured
>
>
>
> Examples:
>
> #   output database: log, mysql, user=root password=test dbname=db
> host=localhost
>
> #   output database: alert, postgresql, user=snort dbname=snort
>
> #   output database: log, odbc, user=snort dbname=snort
>
> #   output database: log, mssql, dbname=snort user=snort password=test
>
> #   output database: log, oracle, dbname=snort user=snort password=test
>
> #
>
> output database: log, mysql, user=snort password=*********** dbname=snort
> host=localhost
>
>
> Below is the listing from /var/lib/mysql. This shows that the snort DB hasn't
> been accessed since Jan 2 (prior to my attempts to set up Barnyard2).
>
>
>
>
>
> HP7620 mysql # dir -l
>
> total 122912
>
> -rw-r----- 1 mysql mysql       56 Dec 25 23:05 auto.cnf
>
> -rw-r--r-- 1 root  root         0 Dec 25 23:05 debian-5.7.flag
>
> -rw-r----- 1 mysql mysql      302 Jan  2 14:43 ib_buffer_pool
>
> -rw-r----- 1 mysql mysql 12582912 Jan  2 21:48 ibdata1
>
> -rw-r----- 1 mysql mysql 50331648 Jan  2 21:48 ib_logfile0
>
> -rw-r----- 1 mysql mysql 50331648 Dec 25 23:05 ib_logfile1
>
> -rw-r----- 1 mysql mysql 12582912 Jan  2 14:45 ibtmp1
>
> drwxr-x--- 2 mysql mysql     4096 Dec 25 23:05 mysql
>
> drwxr-x--- 2 mysql mysql     4096 Dec 25 23:05 performance_schema
>
> drwxr-x--- 2 mysql mysql     4096 Jan  2 21:48 snort
>
> drwxr-x--- 2 mysql mysql    12288 Dec 25 23:05 sys
>
>
>