[Snort-users] Trouble in the Barnyard

Bob Baller bobballer at ...15978...
Tue Jan 17 21:29:31 EST 2017


James;
It appears that all of the items you identify below are installed but are a more recent version -

 I have the following installed:
libmysqlclient-dev	ver 5.7.16=0ubuntu0.16.04.1
libmysqlclient20	ver 5.7.16=0ubuntu0.16.04.1
mysql-client		ver 5.7.16=0ubuntu0.16.04.1
mysql-client-5.7	ver 5.7.16=0ubuntu0.16.04.1
mysql-client-core-5.7	ver 5.7.16=0ubuntu0.16.04.1





-----Original Message-----
From: James Lay [mailto:jlay at ...13475...] 
Sent: Monday, January 16, 2017 6:00 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Trouble in the Barnyard

You need mysqlclient installed, not just server...barnyard is acting as the client:

ii  libmysqlclient-dev
ii  libmysqlclient18:amd64
ii  mysql-client
ii  mysql-client-5.5
ii  mysql-client-core-5.5

James

On 2017-01-16 12:32, Bob Baller wrote:
> Well there is a big difference...  Here is what I see:
> 
> ldd barnyard2
> 	linux-gate.so.1 =>  (0xb7751000)
> 	libpcap.so.0.8 => /usr/lib/i386-linux-gnu/libpcap.so.0.8 (0xb76ed000)
> 	libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xb7698000)
> 	libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb74e1000)
> 	/lib/ld-linux.so.2 (0x80068000)
> 
> -----Original Message-----
> From: James Lay [mailto:jlay at ...13475...]
> Sent: Monday, January 16, 2017 11:53 AM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Trouble in the Barnyard
> 
> Verify barnyard is compiled against mysql with:
> 
>   ldd `which barnyard2`
>          linux-vdso.so.1 =>  (0x00007ffe7b9a4000)
>          libmysqlclient.so.18 => /usr/lib/x86_64-linux-gnu/libmysqlclient.so.18 (0x00007fd8909ca000)
>          libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007fd89078c000)
>          libbroccoli.so.5 => /usr/local/lib/libbroccoli.so.5 (0x00007fd89056a000)
>          libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fd890264000)
>          libtcl8.5.so => /usr/local/lib/libtcl8.5.so (0x00007fd88ff47000)
>          libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd88fb82000)
>          libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fd88f969000)
>          libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd88f765000)
>          libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fd88f547000)
>          libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fd88f2e8000)
>          libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd88ef0c000)
>          /lib64/ld-linux-x86-64.so.2 (0x00007fd890f03000)
> 
> James
> 
> 
> On 2017-01-16 10:41, Bob Baller wrote:
>> Thanks again.  Yes I run make and sudo make install each time
>> 
>> I went back and moved the binary from barnyard2 to barnyard2.bak and 
>> then confirmed that it had been renamed.  I ran the configuration 
>> again exactly as you describe below, then performed the make and sudo 
>> make install.  I then confirmed that a new binary had been created.
>> 
>> Running Barnyard2 resulted in the same error.
>> 
>>  There were no outright ‘errors’ in the output for ‘sudo  make 
>> install’ but it repeatedly displays “Nothing to be done for “…”
>> throughout the output.  The output is similar for the make command.
>> 
>> bob at ...17738... //home/bob/Downloads/Barnyard2/barnyard2-master $ sudo 
>> make install
>> 
>> Making install in src
>> 
>> make[1]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
>> 
>> Making install in sfutil
>> 
>> make[2]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/sfutil'
>> 
>> make[3]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/sfutil'
>> 
>> make[3]: Nothing to be done for 'install-exec-am'.
>> 
>> make[3]: Nothing to be done for 'install-data-am'.
>> 
>> make[3]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/sfutil'
>> 
>> make[2]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/sfutil'
>> 
>> Making install in output-plugins
>> 
>> make[2]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/output-plugins'
>> 
>> make[3]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/output-plugins'
>> 
>> make[3]: Nothing to be done for 'install-exec-am'.
>> 
>> make[3]: Nothing to be done for 'install-data-am'.
>> 
>> make[3]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/output-plugins'
>> 
>> make[2]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/output-plugins'
>> 
>> Making install in input-plugins
>> 
>> make[2]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/input-plugins'
>> 
>> make[3]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/input-plugins'
>> 
>> make[3]: Nothing to be done for 'install-exec-am'.
>> 
>> make[3]: Nothing to be done for 'install-data-am'.
>> 
>> make[3]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/input-plugins'
>> 
>> make[2]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src/input-plugins'
>> 
>> make[2]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
>> 
>> make[3]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
>> 
>>  /bin/mkdir -p '/usr/local/bin'
>> 
>>   /bin/bash ../libtool   --mode=install /usr/bin/install -c barnyard2
>> '/usr/local/bin'
>> 
>> libtool: install: /usr/bin/install -c barnyard2
>> /usr/local/bin/barnyard2
>> 
>> make[3]: Nothing to be done for 'install-data-am'.
>> 
>> make[3]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
>> 
>> make[2]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
>> 
>> make[1]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/src'
>> 
>> Making install in etc
>> 
>> make[1]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/etc'
>> 
>> make[2]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/etc'
>> 
>> make[2]: Nothing to be done for 'install-exec-am'.
>> 
>> test -e /usr/local/etc || \
>> 
>>             /bin/bash
>> //home/bob/Downloads/Barnyard2/barnyard2-master/install-sh -d 
>> /usr/local/etc
>> 
>> test -e /usr/local/etc/barnyard2.conf || \
>> 
>>             /usr/bin/install -c -m 644 -m 600 ../etc/barnyard2.conf \
>> 
>>             /usr/local/etc/barnyard2.conf
>> 
>> make[2]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/etc'
>> 
>> make[1]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/etc'
>> 
>> Making install in doc
>> 
>> make[1]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/doc'
>> 
>> make[2]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/doc'
>> 
>> make[2]: Nothing to be done for 'install-exec-am'.
>> 
>> make[2]: Nothing to be done for 'install-data-am'.
>> 
>> make[2]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/doc'
>> 
>> make[1]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/doc'
>> 
>> Making install in rpm
>> 
>> make[1]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/rpm'
>> 
>> make[2]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/rpm'
>> 
>> make[2]: Nothing to be done for 'install-exec-am'.
>> 
>> make[2]: Nothing to be done for 'install-data-am'.
>> 
>> make[2]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/rpm'
>> 
>> make[1]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/rpm'
>> 
>> Making install in schemas
>> 
>> make[1]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/schemas'
>> 
>> make[2]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/schemas'
>> 
>> make[2]: Nothing to be done for 'install-exec-am'.
>> 
>> make[2]: Nothing to be done for 'install-data-am'.
>> 
>> make[2]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/schemas'
>> 
>> make[1]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/schemas'
>> 
>> Making install in m4
>> 
>> make[1]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/m4'
>> 
>> make[2]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/m4'
>> 
>> make[2]: Nothing to be done for 'install-exec-am'.
>> 
>> make[2]: Nothing to be done for 'install-data-am'.
>> 
>> make[2]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/m4'
>> 
>> make[1]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master/m4'
>> 
>> make[1]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master'
>> 
>> make[2]: Entering directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master'
>> 
>> make[2]: Nothing to be done for 'install-exec-am'.
>> 
>> make[2]: Nothing to be done for 'install-data-am'.
>> 
>> make[2]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master'
>> 
>> make[1]: Leaving directory
>> '/home/bob/Downloads/Barnyard2/barnyard2-master'
>> 
>> Then, just to make absolutely sure, I removed the barnyard2 binary 
>> and tried rerunning barnyard2 – and it couldn’t find it.
>> 
>> So, if the ‘Nothing to be done…’ statements in the sudo make install 
>> output are not signs of a problem,  Is there something specific I 
>> should look for in the config file?
>> 
>> Here is the output statement from that file:    output database: log,
>> mysql, user=snort password=*********** dbname=snort host=localhost
>> 
>> FROM: Noah Dietrich [mailto:noah_dietrich at ...17393...]
>> SENT: Monday, January 16, 2017 6:28 AM
>> TO: Bob Baller
>> CC: snort-users at lists.sourceforge.net
>> SUBJECT: Re: [Snort-users] Trouble in the Barnyard
>> 
>> the output you show from ./configure looks correct (the line that 
>> shows "checking for mysql... yes" is what you're looking for).
>> 
>> after you run: ./configure --with-mysql 
>> --with-mysql-libraries=/usr/lib/i386-linux-gnu (note you don't need 
>> to run this as sudo), are you running make and then sudo make install?
>> 
>> I would try moving the current barnyard2 binary (navigate to the
>> barnyard2 folder, then run sudo mv barnyard2 barnyard2.bak) to ensure 
>> you're working with the newly compiled barnyard2, and try these steps 
>> to configure, compile, and install barnyard2:
>> 
>> cd ~/Downloads/Barnyard2/barnyard2-master
>> 
>> ./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
>> 
>> make
>> 
>> sudo make install
>> 
>> ensure there are no errors during the make stage or the sudo make 
>> install stage. When done with these steps, you should be able to run 
>> barnyard2. if it doesn't run, then there is an issue with your 
>> configuration / build.
>> 
>> Noah
>> 
>> On Wed, Jan 11, 2017 at 4:43 AM, Bob Baller <bobballer at ...15978...> wrote:
>> 
>> I’ve been attempting to install Barnyard2 for a while and seem to be 
>> stuck.  I’ve tried to research the problem but haven’t found a 
>> solution, although the problem seems to have been reported on a 
>> number of different sites including this one.  The problem is that I 
>> get the following error when I attempt to run Barnyard2:
>> 
>> ‘ERROR database: 'mysql' support is not compiled into this build of 
>> barnyard2’
>> 
>> The info below provides more on what I have done, and the results of
>> some of the commands.    As indicated, I’ve tried numerous
>> variations on the configuration of Barnyard2 and nothing seems to 
>> work up to this point.  Snort however appears to be working fine and 
>> is able to write data to the U2 files.
>> 
>> Snort works fine and writes data to the u2 file.  MySQL appears to be 
>> set up correctly  however Barnyard fails as soon as I run it, each 
>> time with the same error.
>> 
>> I am working with the following:
>> 
>> ·         Linux Mint ver 18 32bit
>> 
>> ·         MySql ver 5.7.16-0ubuntu0.16.04.1
>> 
>> ·         Snort ver 2.9.7.0-5
>> 
>> ·         Barnyard2 ver 2.1.14 Build 339
>> 
>> Hopefully someone can see something in the information below that 
>> would make sense.  I would appreciate any help.
>> 
>> Below is the output from my attempt to run Barnyard2
>> 
>> bob at ...17738... ~/Downloads/Barnyard2/barnyard2-master $ sudo barnyard2 -c 
>> /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w 
>> /var/log/snort/barnyard2.waldo -g snort -u snort
>> 
>> Running in Continuous mode
>> 
>>         --== Initializing Barnyard2 ==--
>> 
>> Initializing Input Plugins!
>> 
>> Initializing Output Plugins!
>> 
>> Parsing config file "/etc/snort/barnyard2.conf"
>> 
>> +[ Signature Suppress list ]+
>> 
>> ----------------------------
>> 
>> +[No entry in Signature Suppress List]+
>> 
>> ----------------------------
>> 
>> +[ Signature Suppress list ]+
>> 
>> Barnyard2 spooler: Event cache size set to [2048]
>> 
>> Log directory = /var/log/barnyard2
>> 
>> ERROR database: 'mysql' support is not compiled into this build of
>> barnyard2
>> 
>> ERROR: If this build of barnyard2 was obtained as a binary 
>> distribution (e.g., rpm,
>> 
>> or Windows), then check for alternate builds that contains the 
>> necessary
>> 
>> 'mysql' support.
>> 
>> If this build of barnyard2 was compiled by you, then re-run the
>> 
>> the ./configure script using the '--with-mysql' switch.
>> 
>> For non-standard installations of a database, the '--with-mysql=DIR'
>> 
>> syntax may need to be used to specify the base directory of the DB 
>> install.
>> 
>> See the database documentation for cursory details 
>> (doc/README.database).
>> 
>> and the URL to the most recent database plugin documentation.
>> 
>> Fatal Error, Quitting..
>> 
>> Barnyard2 exiting
>> 
>> ===============================================================================
>> 
>> Record Totals:
>> 
>>    Records:           0
>> 
>>    Events:           0 (0.000%)
>> 
>>    Packets:           0 (0.000%)
>> 
>>    Unknown:           0 (0.000%)
>> 
>>    Suppressed:           0 (0.000%)
>> 
>> ===============================================================================
>> 
>> Packet breakdown by protocol (includes rebuilt packets):
>> 
>>       ETH: 0          (0.000%)
>> 
>>   ETHdisc: 0          (0.000%)
>> 
>>      VLAN: 0          (0.000%)
>> 
>>      IPV6: 0          (0.000%)
>> 
>>   IP6 EXT: 0          (0.000%)
>> 
>>   IP6opts: 0          (0.000%)
>> 
>>   IP6disc: 0          (0.000%)
>> 
>>       IP4: 0          (0.000%)
>> 
>>   IP4disc: 0          (0.000%)
>> 
>>     TCP 6: 0          (0.000%)
>> 
>>     UDP 6: 0          (0.000%)
>> 
>>     ICMP6: 0          (0.000%)
>> 
>>   ICMP-IP: 0          (0.000%)
>> 
>>       TCP: 0          (0.000%)
>> 
>>       UDP: 0          (0.000%)
>> 
>>      ICMP: 0          (0.000%)
>> 
>>   TCPdisc: 0          (0.000%)
>> 
>>   UDPdisc: 0          (0.000%)
>> 
>>   ICMPdis: 0          (0.000%)
>> 
>>      FRAG: 0          (0.000%)
>> 
>>    FRAG 6: 0          (0.000%)
>> 
>>       ARP: 0          (0.000%)
>> 
>>     EAPOL: 0          (0.000%)
>> 
>>   ETHLOOP: 0          (0.000%)
>> 
>>       IPX: 0          (0.000%)
>> 
>>     OTHER: 0          (0.000%)
>> 
>>   DISCARD: 0          (0.000%)
>> 
>> InvChkSum: 0          (0.000%)
>> 
>>    S5 G 1: 0          (0.000%)
>> 
>>    S5 G 2: 0          (0.000%)
>> 
>>     Total: 0
>> 
>> ===============================================================================
>> 
>> Below is the output from running the configure command.  I have tried 
>> this using it as shown below as well as using it with the following 
>> '--with-mysql' commands:  ('--with-mysql=/usr/'; 
>> '--with-mysql=/var/lib/mysql' ; '--with-mysql=/usr/lib/mysql/plugin'
>> and '--with-mysql:/usr/share/mysql/)
>> 
>> bob at ...17738... ~/Downloads/Barnyard2/barnyard2-master $ sudo ./configure 
>> --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
>> 
>> checking for a BSD-compatible install... /usr/bin/install -c
>> 
>> checking whether build environment is sane... yes
>> 
>> checking for a thread-safe mkdir -p... /bin/mkdir -p
>> 
>> checking for gawk... gawk
>> 
>> checking whether make sets $(MAKE)... yes
>> 
>> checking whether make supports nested variables... yes
>> 
>> checking build system type... i686-pc-linux-gnu
>> 
>> checking host system type... i686-pc-linux-gnu
>> 
>> checking how to print strings... printf
>> 
>> checking for style of include used by make... GNU
>> 
>> checking for gcc... gcc
>> 
>> checking whether the C compiler works... yes
>> 
>> checking for C compiler default output file name... a.out
>> 
>> checking for suffix of executables...
>> 
>> checking whether we are cross compiling... no
>> 
>> checking for suffix of object files... o
>> 
>> checking whether we are using the GNU C compiler... yes
>> 
>> checking whether gcc accepts -g... yes
>> 
>> checking for gcc option to accept ISO C89... none needed
>> 
>> checking whether gcc understands -c and -o together... yes
>> 
>> checking dependency style of gcc... none
>> 
>> checking for a sed that does not truncate output... /bin/sed
>> 
>> checking for grep that handles long lines and -e... /bin/grep
>> 
>> checking for egrep... /bin/grep -E
>> 
>> checking for fgrep... /bin/grep -F
>> 
>> checking for ld used by gcc... /usr/bin/ld
>> 
>> checking if the linker (/usr/bin/ld) is GNU ld... yes
>> 
>> checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
>> 
>> checking the name lister (/usr/bin/nm -B) interface... BSD nm
>> 
>> checking whether ln -s works... yes
>> 
>> checking the maximum length of command line arguments... 1572864
>> 
>> checking how to convert i686-pc-linux-gnu file names to 
>> i686-pc-linux-gnu format... func_convert_file_noop
>> 
>> checking how to convert i686-pc-linux-gnu file names to toolchain 
>> format... func_convert_file_noop
>> 
>> checking for /usr/bin/ld option to reload object files... -r
>> 
>> checking for objdump... objdump
>> 
>> checking how to recognize dependent libraries... pass_all
>> 
>> checking for dlltool... no
>> 
>> checking how to associate runtime and link libraries... printf %s\n
>> 
>> checking for ar... ar
>> 
>> checking for archiver @FILE support... @
>> 
>> checking for strip... strip
>> 
>> checking for ranlib... ranlib
>> 
>> checking command to parse /usr/bin/nm -B output from gcc object... ok
>> 
>> checking for sysroot... no
>> 
>> checking for a working dd... /bin/dd
>> 
>> checking how to truncate binary pipes... /bin/dd bs=4096 count=1
>> 
>> checking for mt... mt
>> 
>> checking if mt is a manifest tool... no
>> 
>> checking how to run the C preprocessor... gcc -E
>> 
>> checking for ANSI C header files... yes
>> 
>> checking for sys/types.h... yes
>> 
>> checking for sys/stat.h... yes
>> 
>> checking for stdlib.h... yes
>> 
>> checking for string.h... yes
>> 
>> checking for memory.h... yes
>> 
>> checking for strings.h... yes
>> 
>> checking for inttypes.h... yes
>> 
>> checking for stdint.h... yes
>> 
>> checking for unistd.h... yes
>> 
>> checking for dlfcn.h... yes
>> 
>> checking for objdir... .libs
>> 
>> checking if gcc supports -fno-rtti -fno-exceptions... no
>> 
>> checking for gcc option to produce PIC... -fPIC -DPIC
>> 
>> checking if gcc PIC flag -fPIC -DPIC works... yes
>> 
>> checking if gcc static flag -static works... yes
>> 
>> checking if gcc supports -c -o file.o... yes
>> 
>> checking if gcc supports -c -o file.o... (cached) yes
>> 
>> checking whether the gcc linker (/usr/bin/ld) supports shared 
>> libraries... yes
>> 
>> checking whether -lc should be explicitly linked in... no
>> 
>> checking dynamic linker characteristics... GNU/Linux ld.so
>> 
>> checking how to hardcode library paths into programs... immediate
>> 
>> checking whether stripping libraries is possible... yes
>> 
>> checking if libtool supports shared libraries... yes
>> 
>> checking whether to build shared libraries... yes
>> 
>> checking whether to build static libraries... yes
>> 
>> checking whether to enable maintainer-specific portions of 
>> Makefiles... no
>> 
>> checking for gcc option to accept ISO C99... none needed
>> 
>> checking for gcc option to accept ISO Standard C... (cached) none 
>> needed
>> 
>> checking for gcc... (cached) gcc
>> 
>> checking whether we are using the GNU C compiler... (cached) yes
>> 
>> checking whether gcc accepts -g... (cached) yes
>> 
>> checking for gcc option to accept ISO C89... (cached) none needed
>> 
>> checking whether gcc understands -c and -o together... (cached) yes
>> 
>> checking dependency style of gcc... (cached) none
>> 
>> checking whether byte ordering is bigendian... no
>> 
>> checking for bison... bison
>> 
>> checking for flex... flex
>> 
>> checking for strings.h... (cached) yes
>> 
>> checking for string.h... (cached) yes
>> 
>> checking for stdlib.h... (cached) yes
>> 
>> checking for unistd.h... (cached) yes
>> 
>> checking sys/sockio.h usability... no
>> 
>> checking sys/sockio.h presence... no
>> 
>> checking for sys/sockio.h... no
>> 
>> checking paths.h usability... yes
>> 
>> checking paths.h presence... yes
>> 
>> checking for paths.h... yes
>> 
>> checking for inttypes.h... (cached) yes
>> 
>> checking wchar.h usability... yes
>> 
>> checking wchar.h presence... yes
>> 
>> checking for wchar.h... yes
>> 
>> checking math.h usability... yes
>> 
>> checking math.h presence... yes
>> 
>> checking for math.h... yes
>> 
>> checking for floor in -lm... yes
>> 
>> checking for ceil in -lm... yes
>> 
>> checking for inet_ntoa in -lnsl... yes
>> 
>> checking for socket in -lsocket... no
>> 
>> checking whether printf must be declared... no
>> 
>> checking whether fprintf must be declared... no
>> 
>> checking whether syslog must be declared... no
>> 
>> checking whether puts must be declared... no
>> 
>> checking whether fputs must be declared... no
>> 
>> checking whether fputc must be declared... no
>> 
>> checking whether fopen must be declared... no
>> 
>> checking whether fclose must be declared... no
>> 
>> checking whether fwrite must be declared... no
>> 
>> checking whether fflush must be declared... no
>> 
>> checking whether getopt must be declared... no
>> 
>> checking whether bzero must be declared... no
>> 
>> checking whether bcopy must be declared... no
>> 
>> checking whether memset must be declared... no
>> 
>> checking whether strtol must be declared... no
>> 
>> checking whether strcasecmp must be declared... no
>> 
>> checking whether strncasecmp must be declared... no
>> 
>> checking whether strerror must be declared... no
>> 
>> checking whether perror must be declared... no
>> 
>> checking whether socket must be declared... no
>> 
>> checking whether sendto must be declared... no
>> 
>> checking whether vsnprintf must be declared... no
>> 
>> checking whether snprintf must be declared... no
>> 
>> checking whether strtoul must be declared... no
>> 
>> checking for snprintf... yes
>> 
>> checking for strlcpy... no
>> 
>> checking for strlcat... no
>> 
>> checking for strerror... yes
>> 
>> checking for vswprintf... yes
>> 
>> checking for wprintf... yes
>> 
>> checking size of char... 1
>> 
>> checking size of short... 2
>> 
>> checking size of int... 4
>> 
>> checking size of long int... 4
>> 
>> checking size of long long int... 8
>> 
>> checking size of unsigned int... 4
>> 
>> checking size of unsigned long int... 4
>> 
>> checking size of unsigned long long int... 8
>> 
>> checking for u_int8_t... yes
>> 
>> checking for u_int16_t... yes
>> 
>> checking for u_int32_t... yes
>> 
>> checking for u_int64_t... yes
>> 
>> checking for uint8_t... yes
>> 
>> checking for uint16_t... yes
>> 
>> checking for uint32_t... yes
>> 
>> checking for uint64_t... yes
>> 
>> checking for int8_t... yes
>> 
>> checking for int16_t... yes
>> 
>> checking for int32_t... yes
>> 
>> checking for int64_t... yes
>> 
>> checking for INADDR_NONE... yes
>> 
>> checking for __FUNCTION__... yes
>> 
>> checking pcap.h usability... yes
>> 
>> checking pcap.h presence... yes
>> 
>> checking for pcap.h... yes
>> 
>> checking for pcap_datalink in -lpcap... yes
>> 
>> checking for sparc... no
>> 
>> checking for mysql... yes
>> 
>> checking for compress in -lz... yes
>> 
>> checking for mysql default client reconnect... no
>> 
>> checking for mysql reconnect option... yes
>> 
>> checking for mysql setting of reconnect option before connect bug...
>> no
>> 
>> checking for linuxthreads... no
>> 
>> checking that generated files are newer than configure... done
>> 
>> configure: creating ./config.status
>> 
>> config.status: creating Makefile
>> 
>> config.status: creating src/Makefile
>> 
>> config.status: creating src/sfutil/Makefile
>> 
>> config.status: creating src/input-plugins/Makefile
>> 
>> config.status: creating src/output-plugins/Makefile
>> 
>> config.status: creating etc/Makefile
>> 
>> config.status: creating doc/Makefile
>> 
>> config.status: creating rpm/Makefile
>> 
>> config.status: creating schemas/Makefile
>> 
>> config.status: creating m4/Makefile
>> 
>> config.status: creating config.h
>> 
>> config.status: config.h is unchanged
>> 
>> config.status: executing depfiles commands
>> 
>> config.status: executing libtool commands
>> 
>> Below is info from MySql showing the tables and variables from the 
>> snort database:
>> 
>> mysql> use snort
>> 
>> Reading table information for completion of table and column names
>> 
>> You can turn off this feature to get a quicker startup with -A
>> 
>> Database changed
>> 
>> mysql> SHOW TABLES;
>> 
>> +------------------+
>> 
>> | Tables_in_snort  |
>> 
>> +------------------+
>> 
>> | data             |
>> 
>> | detail           |
>> 
>> | encoding         |
>> 
>> | event            |
>> 
>> | icmphdr          |
>> 
>> | iphdr            |
>> 
>> | opt              |
>> 
>> | reference        |
>> 
>> | reference_system |
>> 
>> | schema           |
>> 
>> | sensor           |
>> 
>> | sig_class        |
>> 
>> | sig_reference    |
>> 
>> | signature        |
>> 
>> | tcphdr           |
>> 
>> | udphdr           |
>> 
>> +------------------+
>> 
>> 16 rows in set (0.00 sec)
>> 
>> mysql> SHOW VARIABLES WHERE Variable_Name LIKE "%dir";
>> 
>> +---------------------------+----------------------------+
>> 
>> | Variable_name             | Value                      |
>> 
>> +---------------------------+----------------------------+
>> 
>> | basedir                   | /usr/                      |
>> 
>> | character_sets_dir        | /usr/share/mysql/charsets/ |
>> 
>> | datadir                   | /var/lib/mysql/            |
>> 
>> | innodb_data_home_dir      |                            |
>> 
>> | innodb_log_group_home_dir | ./                         |
>> 
>> | innodb_tmpdir             |                            |
>> 
>> | lc_messages_dir           | /usr/share/mysql/          |
>> 
>> | plugin_dir                | /usr/lib/mysql/plugin/     |
>> 
>> | slave_load_tmpdir         | /tmp                       |
>> 
>> | tmpdir                    | /tmp                       |
>> 
>> +---------------------------+----------------------------+
>> 
>> 10 rows in set (0.06 sec)
>> 
>> The image below is a screenshot showing the Snort.u2 logs contain 
>> data.
>> 
>> The text below is from the Barnyard2.conf file showing that the 
>> output database has been configured
>> 
>> Examples:
>> 
>> #   output database: log, mysql, user=root password=test dbname=db host=localhost
>> 
>> #   output database: alert, postgresql, user=snort dbname=snort
>> 
>> #   output database: log, odbc, user=snort dbname=snort
>> 
>> #   output database: log, mssql, dbname=snort user=snort password=test
>> 
>> #   output database: log, oracle, dbname=snort user=snort password=test
>> 
>> #
>> 
>> output database: log, mysql, user=snort password=*********** dbname=snort host=localhost
>> 
>> Below is the listing from /var/lib/mysql: This shows that the snort DB 
>> hasn't been accessed since Jan 2 (prior to my attempts to set up 
>> Barnyard2).
>> 
>> HP7620 mysql # dir -l
>> 
>> total 122912
>> 
>> -rw-r----- 1 mysql mysql       56 Dec 25 23:05 auto.cnf
>> 
>> -rw-r--r-- 1 root  root         0 Dec 25 23:05 debian-5.7.flag
>> 
>> -rw-r----- 1 mysql mysql      302 Jan  2 14:43 ib_buffer_pool
>> 
>> -rw-r----- 1 mysql mysql 12582912 Jan  2 21:48 ibdata1
>> 
>> -rw-r----- 1 mysql mysql 50331648 Jan  2 21:48 ib_logfile0
>> 
>> -rw-r----- 1 mysql mysql 50331648 Dec 25 23:05 ib_logfile1
>> 
>> -rw-r----- 1 mysql mysql 12582912 Jan  2 14:45 ibtmp1
>> 
>> drwxr-x--- 2 mysql mysql     4096 Dec 25 23:05 mysql
>> 
>> drwxr-x--- 2 mysql mysql     4096 Dec 25 23:05 performance_schema
>> 
>> drwxr-x--- 2 mysql mysql     4096 Jan  2 21:48 snort
>> 
>> drwxr-x--- 2 mysql mysql    12288 Dec 25 23:05 sys
>> 
>> ---------------------------------------------------------------------
>> -
>> -------- Developer Access Program for Intel Xeon Phi Processors 
>> Access to Intel Xeon Phi processor-based developer platforms.
>> With one year of Intel Parallel Studio XE.
>> Training and support from Colfax.
>> Order your platform today. http://sdm.link/xeonphi 
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest 
>> Snort news!
>> 
>> 

------------------------------------------------------------------------------
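The ldd check James describes, as an added example that is not part of the original thread: a shell classifier that reads ldd output (including entries wrapped onto a second line, as in the archived copy) and reports whether the MySQL client library is recorded as a dependency. The function names and the sample text are constructed here, with the samples modeled on the two outputs quoted above; "absent" is the result for output like Bob's.

```shell
#!/bin/sh
# Added example (not from the thread): classify ldd output to see whether a
# barnyard2 binary records a dependency on the MySQL client library.
# Function names and the sample text are constructed for illustration.

# Read ldd output on stdin and print one word:
#   linked      libmysqlclient is listed and resolves to a path
#   unresolved  libmysqlclient is listed but the loader reports "not found"
#   absent      no libmysqlclient entry at all
#   unknown     ldd could not inspect the file (static, or not a binary)
mysql_linkage() {
    awk '
        { sub(/^[> \t]+/, "") }               # drop mail quote markers and indent
        /not a dynamic executable/ { unknown = 1 }
        pending {                              # previous entry wrapped onto this line
            if ($0 ~ /not found/) unresolved = 1
            pending = 0
        }
        $2 == "=>" && $1 ~ /^libmysqlclient(_r)?\.so/ {
            seen = 1
            if (NF == 2) pending = 1           # path continues on the next line
            else if ($0 ~ /not found/) unresolved = 1
        }
        END {
            if (unknown)         print "unknown"
            else if (!seen)      print "absent"
            else if (unresolved) print "unresolved"
            else                 print "linked"
        }
    '
}

# Classify a block of text passed as the first argument.
classify() {
    printf '%s\n' "$1" | mysql_linkage
}

# Run the check against a real file, e.g. check_binary /usr/local/bin/barnyard2
check_binary() {
    if [ ! -f "$1" ]; then
        echo unknown
        return 0
    fi
    ldd "$1" 2>&1 | mysql_linkage
}

# Constructed sample: quoted output with no MySQL client entry.
SAMPLE_NO_MYSQL='> ldd barnyard2
>     linux-gate.so.1 =>  (0xb7751000)
>     libpcap.so.0.8 => /usr/lib/i386-linux-gnu/libpcap.so.0.8 (0xb76ed000)
>     libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xb7698000)
>     libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb74e1000)
>     /lib/ld-linux.so.2 (0x80068000)'

# Constructed sample: the MySQL entry is wrapped across two lines.
SAMPLE_WRAPPED='linux-vdso.so.1 =>  (0x00007ffe7b9a4000)
libmysqlclient.so.18 =>
/usr/lib/x86_64-linux-gnu/libmysqlclient.so.18 (0x00007fd8909ca000)
libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007fd89078c000)'

# Constructed sample: built against the library, but the loader cannot find it.
SAMPLE_UNRESOLVED='libmysqlclient.so.20 => not found
libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb74e1000)'

printf 'no-mysql sample:   %s\n' "$(classify "$SAMPLE_NO_MYSQL")"
printf 'wrapped sample:    %s\n' "$(classify "$SAMPLE_WRAPPED")"
printf 'unresolved sample: %s\n' "$(classify "$SAMPLE_UNRESOLVED")"

# With a path argument, inspect that binary as well.
if [ "$#" -gt 0 ]; then
    printf '%s: %s\n' "$1" "$(check_binary "$1")"
fi
```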