Snort mailing list archives
RE: OT: Help with Barnyard
From: "Gordon Cunningham" <gcunnin2 () bellsouth net>
Date: Thu, 10 Apr 2003 12:15:31 -0400
Ralf, I need to pass a --with-mysql-libraries=DIR to the configure and have been unable to do so using the rpmbuild util. Without it I get: checking for mysql_connect in -lmysqlclient... no ********************************************** ERROR: unable to find mysqlclient library checked in the following places /usr/lib/mysql ********************************************** How difficult would it be to make the RH7.3 RPM? Does everyone go through this with Barnyard, or is there something "special" with my installation? - Gordon -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ralf Spenneberg Sent: Thursday, April 10, 2003 11:29 AM To: gcunnin2 () bellsouth net Cc: SnortUsers Subject: RE: [Snort-users] OT: Help with Barnyard Am Don, 2003-04-10 um 16.46 schrieb Gordon Cunningham:
I appreciate your help, Ralf. When I try to install the RPM, I get the following: error: failed dependencies: libc.so.6(GLIBC_2.3) is needed by barnyard-0.1.0-1
Oh. Ok. The RPM was compiled on Redhat 8.0. Either get http://www.spenneberg.com/redirect.php?url=public/SRPMS/barnyard-0.1.0-1.src .rpm and do rpmbuild --rebuild barnyard-0.1.0-1.src.rpm or (or if it fails) contact me again and I will build a barnyard RPM for RedHat 7.3 Cheers, Ralf
I have glibc 2.2.5-43 and libc.so.6 is present on this RH 7.3 machine - there is no glibc 2.3 available for RH 7.3 unless I recompile from source. Is that going to be necessary? If so, I'll have to also upgrade my gcc compiler and I'm not sure what else will break... it's got to be easier than this. Using MySQL version 11.18 dist 3.23.54... I've tried different sites for the barnyard source. When I try to "make" barnyard 0.1.0 after a "configure -enable-mysql", this is the result: make all-recursive make[1]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0' Making all in src make[2]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src' Making all in output-plugins make[3]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/output-plugins' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/output-plugins' Making all in input-plugins make[3]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/input-plugins' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src/input-plugins' make[3]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src' gcc -g -O2 -Wall -L/usr/lib/mysql -o barnyard barnyard.o configparse.o mstring.o strlcatu.o strlcpyu.o util.o spool.o sid.o debug.o classification.o output-plugins/libop.a
input-plugins/libdp.a -lmysqlclient
/usr/lib/mysql/libmysqlclient.a(my_compress.o): In function
`my_uncompress':
my_compress.o(.text+0xaa): undefined reference to `uncompress' /usr/lib/mysql/libmysqlclient.a(my_compress.o): In function `my_compress_alloc': my_compress.o(.text+0x13c): undefined reference to `compress' collect2: ld returned 1 exit status make[3]: *** [barnyard] Error 1 make[3]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0' make: *** [all-recursive-am] Error 2 - Gordon -----Original Message----- From: Ralf Spenneberg [mailto:mct () spenneberg de] Sent: Thursday, April 10, 2003 12:44 AM To: gcunnin2 () bellsouth net Cc: SnortUsers Subject: RE: [Snort-users] OT: Help with Barnyard Am Mit, 2003-04-09 um 16.38 schrieb Gordon Cunningham:Ralf, Thanks for responding. (Just tried recompiling and I'm now getting an error - undef ref to my_compress - will look into this) Yes, barnyard was compiled with MySQL support and appears to connect to MySQL just fine, but always has an undefined output plugin error. classificaton.config is in the same subdir as the .map files. I'm
testing
snort 1.9.1 on RedHat 7.3 with latest patches - single NIC at the
moment.
Idid note the different naming of the output plugin (config file
originally
had alert_acid_db or log_acid_db instead of op_acid_db), but neitherworks.How do I configure the output plugins, or are they supposed to beautomatic? The plugins are configured using the following lines: output alert_acid_db: mysql, sensor_id 1, database sensors, server localhost, user xxxx, password secret output log_acid_db: mysql, sensor_id 1, database sensors, server localhost, user xxxx, detail full, password secret It works fine using my RPM.# output op_acid_db: mysql, sensor_id 1, database snort, server
localhost,
user XXXX, password XXXX output op_acid_db: mysql, sensor_id 1, database snort, server localhost, user XXXX, password XXXX, detail fullCould you send the exact error messages when compiling? Maybe you want to start with a fresh source. Otherwise try my RPM package http://www.spenneberg.com/6.html?subject=%2FIDS%2F Cheers, Ralf -- Ralf Spenneberg RHCE, RHCX IPsec/PPTP Kernels for Red Hat Linux: http://www.spenneberg.com/.net/.org/.de Honeynet Project Mirror: http://honeynet.spenneberg.org Snort Mirror: http://snort.spenneberg.org
-- Ralf Spenneberg RHCE, RHCX IPsec/PPTP Kernels for Red Hat Linux: http://www.spenneberg.com/.net/.org/.de Honeynet Project Mirror: http://honeynet.spenneberg.org Snort Mirror: http://snort.spenneberg.org ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: OT: Help with Barnyard Ralf Spenneberg (Apr 08)
- RE: OT: Help with Barnyard Gordon Cunningham (Apr 09)
- RE: OT: Help with Barnyard Ralf Spenneberg (Apr 09)
- RE: OT: Help with Barnyard Gordon Cunningham (Apr 10)
- RE: OT: Help with Barnyard Ralf Spenneberg (Apr 10)
- RE: OT: Help with Barnyard Gordon Cunningham (Apr 10)
- RE: OT: Help with Barnyard Ralf Spenneberg (Apr 10)
- RE: OT: Help with Barnyard Gordon Cunningham (Apr 10)
- RE: OT: Help with Barnyard Ralf Spenneberg (Apr 09)
- RE: OT: Help with Barnyard Gordon Cunningham (Apr 09)
- <Possible follow-ups>
- Re: OT: Help with Barnyard Ralf Spenneberg (Apr 10)