[Snort-users] Trouble in the Barnyard

Bob Baller bobballer at ...15978...
Mon Jan 16 14:32:37 EST 2017


Well there is a big difference...  Here is what I see:

ldd barnyard2
	linux-gate.so.1 =>  (0xb7751000)
	libpcap.so.0.8 => /usr/lib/i386-linux-gnu/libpcap.so.0.8 (0xb76ed000)
	libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xb7698000)
	libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb74e1000)
	/lib/ld-linux.so.2 (0x80068000)

-----Original Message-----
From: James Lay [mailto:jlay at ...13475...] 
Sent: Monday, January 16, 2017 11:53 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Trouble in the Barnyard

Verify barnyard is compiled against mysql with:

  ldd `which barnyard2`
         linux-vdso.so.1 =>  (0x00007ffe7b9a4000)
         libmysqlclient.so.18 => /usr/lib/x86_64-linux-gnu/libmysqlclient.so.18 (0x00007fd8909ca000)
         libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007fd89078c000)
         libbroccoli.so.5 => /usr/local/lib/libbroccoli.so.5 (0x00007fd89056a000)
         libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fd890264000)
         libtcl8.5.so => /usr/local/lib/libtcl8.5.so (0x00007fd88ff47000)
         libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd88fb82000)
         libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fd88f969000)
         libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd88f765000)
         libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fd88f547000)
         libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fd88f2e8000)
         libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd88ef0c000)
         /lib64/ld-linux-x86-64.so.2 (0x00007fd890f03000)

James


On 2017-01-16 10:41, Bob Baller wrote:
> Thanks again.  Yes I run make and sudo make install each time
> 
> I went back and moved the binary from barnyard2 to barnyard2.bak and 
> then confirmed that it had been renamed.  I ran the configuration 
> again exactly as you describe below, then performed the make and sudo 
> make install.  I then confirmed that a new binary had been created.
> 
> Running Barnyard2 resulted in the same error.
> 
>  There were no outright ‘errors’ in the output for ‘sudo  make 
> install’ but it repeatedly displays “Nothing to be done for “…” 
> throughout the output.  The output is similar for the make command.
> 
> bob at ...17738... //home/bob/Downloads/Barnyard2/barnyard2-master $ sudo make 
> install
> 
> Making install in src
> 
> make[1]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
> 
> Making install in sfutil
> 
> make[2]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/sfutil'
> 
> make[3]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/sfutil'
> 
> make[3]: Nothing to be done for 'install-exec-am'.
> 
> make[3]: Nothing to be done for 'install-data-am'.
> 
> make[3]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/sfutil'
> 
> make[2]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/sfutil'
> 
> Making install in output-plugins
> 
> make[2]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/output-plugins'
> 
> make[3]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/output-plugins'
> 
> make[3]: Nothing to be done for 'install-exec-am'.
> 
> make[3]: Nothing to be done for 'install-data-am'.
> 
> make[3]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/output-plugins'
> 
> make[2]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/output-plugins'
> 
> Making install in input-plugins
> 
> make[2]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/input-plugins'
> 
> make[3]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/input-plugins'
> 
> make[3]: Nothing to be done for 'install-exec-am'.
> 
> make[3]: Nothing to be done for 'install-data-am'.
> 
> make[3]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/input-plugins'
> 
> make[2]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/input-plugins'
> 
> make[2]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
> 
> make[3]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
> 
>  /bin/mkdir -p '/usr/local/bin'
> 
>   /bin/bash ../libtool   --mode=install /usr/bin/install -c barnyard2
> '/usr/local/bin'
> 
> libtool: install: /usr/bin/install -c barnyard2
> /usr/local/bin/barnyard2
> 
> make[3]: Nothing to be done for 'install-data-am'.
> 
> make[3]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
> 
> make[2]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
> 
> make[1]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
> 
> Making install in etc
> 
> make[1]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/etc'
> 
> make[2]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/etc'
> 
> make[2]: Nothing to be done for 'install-exec-am'.
> 
> test -e /usr/local/etc || \
> 
>             /bin/bash
> //home/bob/Downloads/Barnyard2/barnyard2-master/install-sh -d 
> /usr/local/etc
> 
> test -e /usr/local/etc/barnyard2.conf || \
> 
>             /usr/bin/install -c -m 644 -m 600 ../etc/barnyard2.conf \
> 
>             /usr/local/etc/barnyard2.conf
> 
> make[2]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/etc'
> 
> make[1]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/etc'
> 
> Making install in doc
> 
> make[1]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/doc'
> 
> make[2]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/doc'
> 
> make[2]: Nothing to be done for 'install-exec-am'.
> 
> make[2]: Nothing to be done for 'install-data-am'.
> 
> make[2]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/doc'
> 
> make[1]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/doc'
> 
> Making install in rpm
> 
> make[1]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/rpm'
> 
> make[2]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/rpm'
> 
> make[2]: Nothing to be done for 'install-exec-am'.
> 
> make[2]: Nothing to be done for 'install-data-am'.
> 
> make[2]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/rpm'
> 
> make[1]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/rpm'
> 
> Making install in schemas
> 
> make[1]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/schemas'
> 
> make[2]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/schemas'
> 
> make[2]: Nothing to be done for 'install-exec-am'.
> 
> make[2]: Nothing to be done for 'install-data-am'.
> 
> make[2]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/schemas'
> 
> make[1]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/schemas'
> 
> Making install in m4
> 
> make[1]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/m4'
> 
> make[2]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/m4'
> 
> make[2]: Nothing to be done for 'install-exec-am'.
> 
> make[2]: Nothing to be done for 'install-data-am'.
> 
> make[2]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/m4'
> 
> make[1]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master/m4'
> 
> make[1]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master'
> 
> make[2]: Entering directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master'
> 
> make[2]: Nothing to be done for 'install-exec-am'.
> 
> make[2]: Nothing to be done for 'install-data-am'.
> 
> make[2]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master'
> 
> make[1]: Leaving directory
> '/home/bob/Downloads/Barnyard2/barnyard2-master'
> 
> Then, just to make absolutely sure, I removed the barnyard2 binary and 
> tried rerunning barnyard2 – and it couldn’t find it.
> 
> So, if the ‘Nothing to be done…’ statements in the sudo make install 
> output are not signs of a problem, is there something specific I 
> should look for in the config file?
> 
> Here is the output statement from that file:    output database: log,
> mysql, user=snort password=*********** dbname=snort host=localhost
> 
> From: Noah Dietrich [mailto:noah_dietrich at ...17393...]
> Sent: Monday, January 16, 2017 6:28 AM
> To: Bob Baller
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Trouble in the Barnyard
> 
> the output you show from ./configure looks correct (the line that 
> shows "checking for mysql... yes" is what you're looking for).
> 
> after you run: ./configure --with-mysql 
> --with-mysql-libraries=/usr/lib/i386-linux-gnu (note you don't need to 
> run this as sudo), are you running make and then sudo make install?
> 
> I would try moving the current barnyard2 binary (navigate to the
> barnyard2 folder, then run sudo mv barnyard2 barnyard2.bak) to ensure 
> you're working with the newly compiled barnyard2, and try these steps 
> to configure, compile, and install barnyard2:
> 
> cd ~/Downloads/Barnyard2/barnyard2-master
> 
> ./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
> 
> make
> 
> sudo make install
> 
> ensure there are no errors during the make stage or the sudo make 
> install stage. When done with these steps, you should be able to run 
> barnyard2. if it doesn't run, then there is an issue with your 
> configuration / build.
> 
> Noah
> 
> On Wed, Jan 11, 2017 at 4:43 AM, Bob Baller <bobballer at ...15978...> wrote:
> 
> I’ve been attempting to install Barnyard2 for a while and seem to be 
> stuck.  I’ve tried to research the problem but haven’t found a 
> solution, although the problem seems to have been reported on a number 
> of different sites including this one.  The problem is that I get the 
> following error when I attempt to run Barnyard2:
> 
> ‘ERROR database: 'mysql' support is not compiled into this build of 
> barnyard2’
> 
> The info below provides more on what I have done, and the results of
> some of the commands.    As indicated, I’ve tried numerous
> variations on the configuration of Barnyard2 and nothing seems to work 
> up to this point.  Snort however appears to be working fine and is 
> able to write data to the U2 files.
> 
> Snort works fine and writes data to the u2 file.  MySQL appears to be 
> set up correctly  however Barnyard fails as soon as I run it, each 
> time with the same error.
> 
> I am working with the following:
> 
> ·         Linux Mint ver 18 32bit
> 
> ·         MySql ver 5.7.16-0ubuntu0.16.04.1
> 
> ·         Snort ver 2.9.7.0-5
> 
> ·         Barnyard2 ver 2.1.14 Build 339
> 
> Hopefully someone can see something in the information below that 
> would make sense.  I would appreciate any help.
> 
> Below is the output from my attempt to run Barnyard2
> 
> bob at ...17738... ~/Downloads/Barnyard2/barnyard2-master $ sudo barnyard2 -c 
> /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w 
> /var/log/snort/barnyard2.waldo -g snort -u snort
> 
> Running in Continuous mode
> 
>         --== Initializing Barnyard2 ==--
> 
> Initializing Input Plugins!
> 
> Initializing Output Plugins!
> 
> Parsing config file "/etc/snort/barnyard2.conf"
> 
> +[ Signature Suppress list ]+
> 
> ----------------------------
> 
> +[No entry in Signature Suppress List]+
> 
> ----------------------------
> 
> +[ Signature Suppress list ]+
> 
> Barnyard2 spooler: Event cache size set to [2048]
> 
> Log directory = /var/log/barnyard2
> 
> ERROR database: 'mysql' support is not compiled into this build of
> barnyard2
> 
> ERROR: If this build of barnyard2 was obtained as a binary 
> distribution (e.g., rpm,
> 
> or Windows), then check for alternate builds that contains the 
> necessary
> 
> 'mysql' support.
> 
> If this build of barnyard2 was compiled by you, then re-run the
> 
> the ./configure script using the '--with-mysql' switch.
> 
> For non-standard installations of a database, the '--with-mysql=DIR'
> 
> syntax may need to be used to specify the base directory of the DB 
> install.
> 
> See the database documentation for cursory details 
> (doc/README.database).
> 
> and the URL to the most recent database plugin documentation.
> 
> Fatal Error, Quitting..
> 
> Barnyard2 exiting
> 
> ======================================================================
> =========
> 
> Record Totals:
> 
>    Records:           0
> 
>    Events:           0 (0.000%)
> 
>    Packets:           0 (0.000%)
> 
>    Unknown:           0 (0.000%)
> 
>    Suppressed:           0 (0.000%)
> 
> ======================================================================
> =========
> 
> Packet breakdown by protocol (includes rebuilt packets):
> 
>       ETH: 0          (0.000%)
> 
>   ETHdisc: 0          (0.000%)
> 
>      VLAN: 0          (0.000%)
> 
>      IPV6: 0          (0.000%)
> 
>   IP6 EXT: 0          (0.000%)
> 
>   IP6opts: 0          (0.000%)
> 
>   IP6disc: 0          (0.000%)
> 
>       IP4: 0          (0.000%)
> 
>   IP4disc: 0          (0.000%)
> 
>     TCP 6: 0          (0.000%)
> 
>     UDP 6: 0          (0.000%)
> 
>     ICMP6: 0          (0.000%)
> 
>   ICMP-IP: 0          (0.000%)
> 
>       TCP: 0          (0.000%)
> 
>       UDP: 0          (0.000%)
> 
>      ICMP: 0          (0.000%)
> 
>   TCPdisc: 0          (0.000%)
> 
>   UDPdisc: 0          (0.000%)
> 
>   ICMPdis: 0          (0.000%)
> 
>      FRAG: 0          (0.000%)
> 
>    FRAG 6: 0          (0.000%)
> 
>       ARP: 0          (0.000%)
> 
>     EAPOL: 0          (0.000%)
> 
>   ETHLOOP: 0          (0.000%)
> 
>       IPX: 0          (0.000%)
> 
>     OTHER: 0          (0.000%)
> 
>   DISCARD: 0          (0.000%)
> 
> InvChkSum: 0          (0.000%)
> 
>    S5 G 1: 0          (0.000%)
> 
>    S5 G 2: 0          (0.000%)
> 
>     Total: 0
> 
> ======================================================================
> =========
> 
> Below is the output from running the configure command.  I have tried 
> this using it as shown below as well as using it with the following 
> '--with-mysql' commands:  ('--with-mysql=/usr/'; 
> '--with-mysql=/var/lib/mysql' ; '--with-mysql=/usr/lib/mysql/plugin'
> and '--with-mysql:/usr/share/mysql/)
> 
> bob at ...17738... ~/Downloads/Barnyard2/barnyard2-master $ sudo ./configure 
> --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
> 
> checking for a BSD-compatible install... /usr/bin/install -c
> 
> checking whether build environment is sane... yes
> 
> checking for a thread-safe mkdir -p... /bin/mkdir -p
> 
> checking for gawk... gawk
> 
> checking whether make sets $(MAKE)... yes
> 
> checking whether make supports nested variables... yes
> 
> checking build system type... i686-pc-linux-gnu
> 
> checking host system type... i686-pc-linux-gnu
> 
> checking how to print strings... printf
> 
> checking for style of include used by make... GNU
> 
> checking for gcc... gcc
> 
> checking whether the C compiler works... yes
> 
> checking for C compiler default output file name... a.out
> 
> checking for suffix of executables...
> 
> checking whether we are cross compiling... no
> 
> checking for suffix of object files... o
> 
> checking whether we are using the GNU C compiler... yes
> 
> checking whether gcc accepts -g... yes
> 
> checking for gcc option to accept ISO C89... none needed
> 
> checking whether gcc understands -c and -o together... yes
> 
> checking dependency style of gcc... none
> 
> checking for a sed that does not truncate output... /bin/sed
> 
> checking for grep that handles long lines and -e... /bin/grep
> 
> checking for egrep... /bin/grep -E
> 
> checking for fgrep... /bin/grep -F
> 
> checking for ld used by gcc... /usr/bin/ld
> 
> checking if the linker (/usr/bin/ld) is GNU ld... yes
> 
> checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
> 
> checking the name lister (/usr/bin/nm -B) interface... BSD nm
> 
> checking whether ln -s works... yes
> 
> checking the maximum length of command line arguments... 1572864
> 
> checking how to convert i686-pc-linux-gnu file names to 
> i686-pc-linux-gnu format... func_convert_file_noop
> 
> checking how to convert i686-pc-linux-gnu file names to toolchain 
> format... func_convert_file_noop
> 
> checking for /usr/bin/ld option to reload object files... -r
> 
> checking for objdump... objdump
> 
> checking how to recognize dependent libraries... pass_all
> 
> checking for dlltool... no
> 
> checking how to associate runtime and link libraries... printf %s\n
> 
> checking for ar... ar
> 
> checking for archiver @FILE support... @
> 
> checking for strip... strip
> 
> checking for ranlib... ranlib
> 
> checking command to parse /usr/bin/nm -B output from gcc object... ok
> 
> checking for sysroot... no
> 
> checking for a working dd... /bin/dd
> 
> checking how to truncate binary pipes... /bin/dd bs=4096 count=1
> 
> checking for mt... mt
> 
> checking if mt is a manifest tool... no
> 
> checking how to run the C preprocessor... gcc -E
> 
> checking for ANSI C header files... yes
> 
> checking for sys/types.h... yes
> 
> checking for sys/stat.h... yes
> 
> checking for stdlib.h... yes
> 
> checking for string.h... yes
> 
> checking for memory.h... yes
> 
> checking for strings.h... yes
> 
> checking for inttypes.h... yes
> 
> checking for stdint.h... yes
> 
> checking for unistd.h... yes
> 
> checking for dlfcn.h... yes
> 
> checking for objdir... .libs
> 
> checking if gcc supports -fno-rtti -fno-exceptions... no
> 
> checking for gcc option to produce PIC... -fPIC -DPIC
> 
> checking if gcc PIC flag -fPIC -DPIC works... yes
> 
> checking if gcc static flag -static works... yes
> 
> checking if gcc supports -c -o file.o... yes
> 
> checking if gcc supports -c -o file.o... (cached) yes
> 
> checking whether the gcc linker (/usr/bin/ld) supports shared 
> libraries... yes
> 
> checking whether -lc should be explicitly linked in... no
> 
> checking dynamic linker characteristics... GNU/Linux ld.so
> 
> checking how to hardcode library paths into programs... immediate
> 
> checking whether stripping libraries is possible... yes
> 
> checking if libtool supports shared libraries... yes
> 
> checking whether to build shared libraries... yes
> 
> checking whether to build static libraries... yes
> 
> checking whether to enable maintainer-specific portions of 
> Makefiles... no
> 
> checking for gcc option to accept ISO C99... none needed
> 
> checking for gcc option to accept ISO Standard C... (cached) none 
> needed
> 
> checking for gcc... (cached) gcc
> 
> checking whether we are using the GNU C compiler... (cached) yes
> 
> checking whether gcc accepts -g... (cached) yes
> 
> checking for gcc option to accept ISO C89... (cached) none needed
> 
> checking whether gcc understands -c and -o together... (cached) yes
> 
> checking dependency style of gcc... (cached) none
> 
> checking whether byte ordering is bigendian... no
> 
> checking for bison... bison
> 
> checking for flex... flex
> 
> checking for strings.h... (cached) yes
> 
> checking for string.h... (cached) yes
> 
> checking for stdlib.h... (cached) yes
> 
> checking for unistd.h... (cached) yes
> 
> checking sys/sockio.h usability... no
> 
> checking sys/sockio.h presence... no
> 
> checking for sys/sockio.h... no
> 
> checking paths.h usability... yes
> 
> checking paths.h presence... yes
> 
> checking for paths.h... yes
> 
> checking for inttypes.h... (cached) yes
> 
> checking wchar.h usability... yes
> 
> checking wchar.h presence... yes
> 
> checking for wchar.h... yes
> 
> checking math.h usability... yes
> 
> checking math.h presence... yes
> 
> checking for math.h... yes
> 
> checking for floor in -lm... yes
> 
> checking for ceil in -lm... yes
> 
> checking for inet_ntoa in -lnsl... yes
> 
> checking for socket in -lsocket... no
> 
> checking whether printf must be declared... no
> 
> checking whether fprintf must be declared... no
> 
> checking whether syslog must be declared... no
> 
> checking whether puts must be declared... no
> 
> checking whether fputs must be declared... no
> 
> checking whether fputc must be declared... no
> 
> checking whether fopen must be declared... no
> 
> checking whether fclose must be declared... no
> 
> checking whether fwrite must be declared... no
> 
> checking whether fflush must be declared... no
> 
> checking whether getopt must be declared... no
> 
> checking whether bzero must be declared... no
> 
> checking whether bcopy must be declared... no
> 
> checking whether memset must be declared... no
> 
> checking whether strtol must be declared... no
> 
> checking whether strcasecmp must be declared... no
> 
> checking whether strncasecmp must be declared... no
> 
> checking whether strerror must be declared... no
> 
> checking whether perror must be declared... no
> 
> checking whether socket must be declared... no
> 
> checking whether sendto must be declared... no
> 
> checking whether vsnprintf must be declared... no
> 
> checking whether snprintf must be declared... no
> 
> checking whether strtoul must be declared... no
> 
> checking for snprintf... yes
> 
> checking for strlcpy... no
> 
> checking for strlcat... no
> 
> checking for strerror... yes
> 
> checking for vswprintf... yes
> 
> checking for wprintf... yes
> 
> checking size of char... 1
> 
> checking size of short... 2
> 
> checking size of int... 4
> 
> checking size of long int... 4
> 
> checking size of long long int... 8
> 
> checking size of unsigned int... 4
> 
> checking size of unsigned long int... 4
> 
> checking size of unsigned long long int... 8
> 
> checking for u_int8_t... yes
> 
> checking for u_int16_t... yes
> 
> checking for u_int32_t... yes
> 
> checking for u_int64_t... yes
> 
> checking for uint8_t... yes
> 
> checking for uint16_t... yes
> 
> checking for uint32_t... yes
> 
> checking for uint64_t... yes
> 
> checking for int8_t... yes
> 
> checking for int16_t... yes
> 
> checking for int32_t... yes
> 
> checking for int64_t... yes
> 
> checking for INADDR_NONE... yes
> 
> checking for __FUNCTION__... yes
> 
> checking pcap.h usability... yes
> 
> checking pcap.h presence... yes
> 
> checking for pcap.h... yes
> 
> checking for pcap_datalink in -lpcap... yes
> 
> checking for sparc... no
> 
> checking for mysql... yes
> 
> checking for compress in -lz... yes
> 
> checking for mysql default client reconnect... no
> 
> checking for mysql reconnect option... yes
> 
> checking for mysql setting of reconnect option before connect bug...
> no
> 
> checking for linuxthreads... no
> 
> checking that generated files are newer than configure... done
> 
> configure: creating ./config.status
> 
> config.status: creating Makefile
> 
> config.status: creating src/Makefile
> 
> config.status: creating src/sfutil/Makefile
> 
> config.status: creating src/input-plugins/Makefile
> 
> config.status: creating src/output-plugins/Makefile
> 
> config.status: creating etc/Makefile
> 
> config.status: creating doc/Makefile
> 
> config.status: creating rpm/Makefile
> 
> config.status: creating schemas/Makefile
> 
> config.status: creating m4/Makefile
> 
> config.status: creating config.h
> 
> config.status: config.h is unchanged
> 
> config.status: executing depfiles commands
> 
> config.status: executing libtool commands
> 
> Below is info from MySql showing the tables and variables from the 
> snort database:
> 
> mysql> use snort
> 
> Reading table information for completion of table and column names
> 
> You can turn off this feature to get a quicker startup with -A
> 
> Database changed
> 
> mysql> SHOW TABLES;
> 
> +------------------+
> 
> | Tables_in_snort  |
> 
> +------------------+
> 
> | data             |
> 
> | detail           |
> 
> | encoding         |
> 
> | event            |
> 
> | icmphdr          |
> 
> | iphdr            |
> 
> | opt              |
> 
> | reference        |
> 
> | reference_system |
> 
> | schema           |
> 
> | sensor           |
> 
> | sig_class        |
> 
> | sig_reference    |
> 
> | signature        |
> 
> | tcphdr           |
> 
> | udphdr           |
> 
> +------------------+
> 
> 16 rows in set (0.00 sec)
> 
> mysql> SHOW VARIABLES WHERE Variable_Name LIKE "%dir";
> 
> +---------------------------+----------------------------+
> 
> | Variable_name             | Value                      |
> 
> +---------------------------+----------------------------+
> 
> | basedir                   | /usr/                      |
> 
> | character_sets_dir        | /usr/share/mysql/charsets/ |
> 
> | datadir                   | /var/lib/mysql/            |
> 
> | innodb_data_home_dir      |                            |
> 
> | innodb_log_group_home_dir | ./                         |
> 
> | innodb_tmpdir             |                            |
> 
> | lc_messages_dir           | /usr/share/mysql/          |
> 
> | plugin_dir                | /usr/lib/mysql/plugin/     |
> 
> | slave_load_tmpdir         | /tmp                       |
> 
> | tmpdir                    | /tmp                       |
> 
> +---------------------------+----------------------------+
> 
> 10 rows in set (0.06 sec)
> 
> The image below is a screenshot showing the Snort.u2 logs contain 
> data.
> 
> The text below is from the Barnyard2.conf file showing that the output 
> database has been configured
> 
> Examples:
> 
> #   output database: log, mysql, user=root password=test dbname=db host=localhost
> 
> #   output database: alert, postgresql, user=snort dbname=snort
> 
> #   output database: log, odbc, user=snort dbname=snort
> 
> #   output database: log, mssql, dbname=snort user=snort password=test
> 
> #   output database: log, oracle, dbname=snort user=snort password=test
> 
> #
> 
> output database: log, mysql, user=snort password=*********** dbname=snort host=localhost
> 
> Below is the listing from /var/lib/mysql: This shows that the snort DB 
> hasn't been accessed since Jan 2 (prior to my attempts to set up 
> Barnyard2).
> 
> HP7620 mysql # dir -l
> 
> total 122912
> 
> -rw-r----- 1 mysql mysql       56 Dec 25 23:05 auto.cnf
> 
> -rw-r--r-- 1 root  root         0 Dec 25 23:05 debian-5.7.flag
> 
> -rw-r----- 1 mysql mysql      302 Jan  2 14:43 ib_buffer_pool
> 
> -rw-r----- 1 mysql mysql 12582912 Jan  2 21:48 ibdata1
> 
> -rw-r----- 1 mysql mysql 50331648 Jan  2 21:48 ib_logfile0
> 
> -rw-r----- 1 mysql mysql 50331648 Dec 25 23:05 ib_logfile1
> 
> -rw-r----- 1 mysql mysql 12582912 Jan  2 14:45 ibtmp1
> 
> drwxr-x--- 2 mysql mysql     4096 Dec 25 23:05 mysql
> 
> drwxr-x--- 2 mysql mysql     4096 Dec 25 23:05 performance_schema
> 
> drwxr-x--- 2 mysql mysql     4096 Jan  2 21:48 snort
> 
> drwxr-x--- 2 mysql mysql    12288 Dec 25 23:05 sys
> 
> ----------------------------------------------------------------------
> -------- Developer Access Program for Intel Xeon Phi Processors Access 
> to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today. http://sdm.link/xeonphi 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest 
> Snort news!
> 
> 
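
The `ldd` check discussed in this thread, as an added example that is not part of the original messages: a shell function that reads `ldd` output (including entries a mail client has wrapped across lines) and reports whether a MySQL client library is linked. The function names and the "unresolved" sample are assumptions made for illustration; the other two samples are taken from the `ldd` listings in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): decide from `ldd` output whether a
# barnyard2 binary is dynamically linked against the MySQL client library.

# db_linkage SONAME_PREFIX      (ldd output on stdin)
# Prints one of: linked:<path> | unresolved | absent | static
db_linkage() {
    awk -v lib="$1" '
        /not a dynamic executable/ { static = 1 }
        # Collect tokens across lines, so an entry that was wrapped after
        # "=>" or before "(0x...)" is still read as a single entry.
        { for (i = 1; i <= NF; i++) tok[++n] = $i }
        END {
            if (static) { print "static"; exit }
            for (i = 2; i < n; i++) {
                if (tok[i] != "=>" || index(tok[i-1], lib) != 1) continue
                if (tok[i+1] == "not") print "unresolved"  # "=> not found"
                else print "linked:" tok[i+1]
                found = 1
                break
            }
            if (!found) print "absent"
        }'
}

# 32-bit build from the thread: no MySQL client library in the list.
SAMPLE_NO_MYSQL='    linux-gate.so.1 =>  (0xb7751000)
    libpcap.so.0.8 => /usr/lib/i386-linux-gnu/libpcap.so.0.8 (0xb76ed000)
    libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xb7698000)
    libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb74e1000)
    /lib/ld-linux.so.2 (0x80068000)'

# 64-bit build from the thread (abridged), with mail-style line wrapping.
SAMPLE_WITH_MYSQL='    linux-vdso.so.1 =>  (0x00007ffe7b9a4000)
    libmysqlclient.so.18 =>
/usr/lib/x86_64-linux-gnu/libmysqlclient.so.18 (0x00007fd8909ca000)
    libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
(0x00007fd89078c000)'

# Constructed sample: linked at build time, library missing at run time.
SAMPLE_UNRESOLVED='    libmysqlclient.so.20 => not found
    libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb74e1000)'

# report LABEL LDD_OUTPUT: one human-readable line per binary.
report() {
    state=$(printf '%s\n' "$2" | db_linkage libmysqlclient)
    case $state in
        linked:*)   msg="MySQL client library resolved at ${state#linked:}" ;;
        unresolved) msg="linked against MySQL, but the loader cannot find the library" ;;
        static)     msg="static binary; ldd cannot show what was linked in" ;;
        *)          msg="no MySQL client library linked (consistent with the 'not compiled into this build' error)" ;;
    esac
    printf '%s: %s\n' "$1" "$msg"
}

report "32-bit build" "$SAMPLE_NO_MYSQL"
report "64-bit build" "$SAMPLE_WITH_MYSQL"
report "constructed"  "$SAMPLE_UNRESOLVED"

# On a live host, check the binary that the shell actually resolves:
#   ldd "$(command -v barnyard2)" | db_linkage libmysqlclient
```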
