Snort mailing list archives
RE: barnyard errors
From: "Scott Renna" <srenna () d-a-s com>
Date: Thu, 17 Jul 2003 17:05:51 -0400
target=NONE
verbose=
x_includes=NONE
...skipping...
CPPFLAGS="${CPPFLAGS} -DENABLE_MYSQL"

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500
***************************

-----Original Message-----
From: Bamm Visscher [mailto:bamm () satx rr com]
Sent: Thursday, July 17, 2003 4:58 PM
To: Scott Renna
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] barnyard errors

In your 'configure', does your CPP_FLAGS include -DENABLE_MYSQL?

Bammkkkk

On Thu, Jul 17, 2003 at 04:56:12PM -0400, Scott Renna wrote:

Would you recommend I drop the version of mysql back down to 3.23? Will that solve the problem in this case?

Here's what my op_plugbase.c file looks like:

    #ifdef ENABLE_MYSQL
    #include "op_acid_db.h"
    #endif
    #include "op_alert_csv.h"

    /* ----------------------- Global Data --------------------------*/
    OutputPluginListNode *outputPlugins = NULL;

    /* ----------------------- Global Functions --------------------------*/
    void LoadOutputPlugins()
    {
        LogMessage("Loading Built-in Output Plugins...\n");
        AlertFastOpInit();
        AlertSyslogOpInit();
        LogDumpOpInit();
        LogPcapOpInit();
    #ifdef ENABLE_MYSQL
        AcidDbOpInit();
    #endif
        AlertCSVOpInit();
        return;
    }

It's located in the src directory right under barnyard... does it need to be moved elsewhere?

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500
***************************

-----Original Message-----
From: Bamm Visscher [mailto:bamm () satx rr com]
Sent: Thursday, July 17, 2003 4:45 PM
To: Scott Renna
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] barnyard errors

I assume you did this because you are using mysql4? Sounds like that may be your problem. If ENABLE_MYSQL isn't defined correctly, then barnyard won't know op_acid_db exists:

From op_plugbase.c -

    #ifdef ENABLE_MYSQL
    #include "op_acid_db.h"
    #endif

Bammkkkk

On Thu, Jul 17, 2003 at 04:41:55PM -0400, Scott Renna wrote:

I actually reconfigured barnyard with the --enable-mysql switch. It wasn't working initially, then someone else on the list recommended I locate the lines in the configure file and change them from mysql_connect to my_connect. After that, I was able to run configure and install it. Is that the right way to go about this or no? Should I give it another go?

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500
***************************

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Bamm Visscher
Sent: Thursday, July 17, 2003 4:25 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] barnyard errors

Shot in the dark here, but are you sure mysql was enabled during the configure and subsequent make? If not, support for the op_acid plugin may not be there.

Bammkkkk

On Thu, Jul 17, 2003 at 03:51:53PM -0400, Scott Renna wrote:

    config hostname: xxxxxx
    config interface: dc0
    config filter: not port 22
    processor dp_alert
    processor dp_log
    processor dp_stream_stat
    output alert_fast
    output log_dump
    output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root, password xxxxxx
    output log_acid_db: mysql, database snort, server localhost, user root, password xxxxx, detail full

I will change the user for database logging from root once it's all good and tidy. Am I supposed to have file names following the alert_fast and log_dump items? Initially I had /var/log/snort/fast.alert and /var/log/snort/log.dump

Scott

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500
***************************

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Bamm Visscher
Sent: Thursday, July 17, 2003 3:26 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] barnyard errors

Can you please include the uncommented portions of your barnyard.conf.

Bammkkkk

On Thu, Jul 17, 2003 at 03:07:49PM -0400, Scott Renna wrote:

Ok, so I took a look at the config file and made some changes, but I'm still running into weird errors when starting barnyard:

    -*> Barnyard! <*-
    Version 0.1.0 (Build 17)
    By Andrew R. Baker (andrewb () snort org)
    and Martin Roesch (roesch () sourcefire com, www.snort.org)
    Loading Data Processors...
    dp_alert loaded
    dp_log loaded
    dp_stream_stat loaded
    Loading Built-in Output Plugins...
    Fast Alert plugin initialized
    AlertSyslog initialized
    Log Dump plugin initialized
    LogPcap initialized
    AlertCSV initialized
    Parsing Config file: /usr/local/etc/barnyard.conf
    WARNING /usr/local/etc/barnyard.conf(135) => Unknown output plugin "alert_acid_db" referenced, ignoring!
    WARNING /usr/local/etc/barnyard.conf(136) => Unknown output plugin "log_acid_db" referenced, ignoring!
    Archive Directory is NULL
    ConfigFile =/usr/local/etc/barnyard.conf
    LogDir=/var/log/snort/barnyard/
    Spool Dir=/var/log/snort
    Spool File=snort.alert
    Waldo File=/var/log/snort/waldo.log
    Sid File=/usr/local/etc/snort/sid-msg.map
    Gen File=/usr/local/etc/snort/gen-msg.map
    Hostname=bsdtest
    Interface=dc0
    Filter=not port 22
    Record Number: 0
    Log Flag: 1
    Verbosity Level=0
    File Arg Start: 0
    Dry Run mode enabled

commandline:

    barnyard -c /usr/local/etc/barnyard.conf -f /var/log/snort.log -g /usr/local/etc/snort/gen-msg.map -s /usr/local/etc/snort/sid-msg.map -L /var/log/snort/barnyard/ -w /var/log/snort/waldo.log -R

Here's the weird part, it says the spool file is snort.alert, however, my command line specifies that the spool file should be /var/log/snort.log

Is there a good site or forum for troubleshooting Barnyard? Anyone got some ideas?

Scott

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500
***************************

-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
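Added example, not part of the original thread and not barnyard's own code: a simplified C model of the behaviour discussed above, where plugin keywords guarded by #ifdef ENABLE_MYSQL are absent from the binary and the config parser then reports them as unknown. The table, the function names and the sample config are constructed for illustration; only the plugin keywords come from the barnyard.conf quoted in the thread.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical plugin table (not barnyard's code). Keywords are the ones
 * used in the barnyard.conf quoted in the thread. */
static const char *const registered[] = {
    "alert_fast", "log_dump",
#ifdef ENABLE_MYSQL   /* compiled in only when built with -DENABLE_MYSQL */
    "alert_acid_db", "log_acid_db",
#endif
};

/* Return 1 if the keyword (name, len) exists in this binary, else 0. */
int is_registered(const char *name, size_t len)
{
    size_t i;
    for (i = 0; i < sizeof registered / sizeof registered[0]; i++)
        if (strlen(registered[i]) == len && !strncmp(registered[i], name, len))
            return 1;
    return 0;
}

/* Scan config text; warn about and count "output <keyword>" lines not compiled in. */
int count_unknown_outputs(const char *conf)
{
    int unknown = 0, lineno = 0;
    const char *p = conf;
    while (*p) {
        size_t linelen = strcspn(p, "\n");
        lineno++;
        if (linelen > 7 && !strncmp(p, "output ", 7)) {
            const char *kw = p + 7;
            size_t kwlen = strcspn(kw, ": \n");  /* ends at ':', space or EOL */
            if (!is_registered(kw, kwlen)) {
                fprintf(stderr, "WARNING (%d) => Unknown output plugin \"%.*s\"\n", lineno, (int)kwlen, kw);
                unknown++;
            }
        }
        p += linelen + (p[linelen] == '\n');
    }
    return unknown;
}

/* Constructed sample modelled on the thread's config; credentials omitted. */
const char SAMPLE_CONF[] =
    "output alert_fast\noutput log_dump\n"
    "output alert_acid_db: mysql, sensor_id 1, database snort\n"
    "output log_acid_db: mysql, database snort, detail full\n";
int main(void) { return count_unknown_outputs(SAMPLE_CONF) == 2 ? 0 : 1; }
```

Compiling the same file with -DENABLE_MYSQL makes both acid_db keywords resolve, which is why the thread focuses on whether the define actually reached the compiler flags.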
Current thread:
- barnyard errors Scott Renna (Jul 17)
- Re: barnyard errors Bamm Visscher (Jul 17)
- RE: barnyard errors Scott Renna (Jul 17)
- Re: barnyard errors Bamm Visscher (Jul 17)
- RE: barnyard errors Scott Renna (Jul 17)
- Re: barnyard errors Bamm Visscher (Jul 17)
- RE: barnyard errors Scott Renna (Jul 17)
- Re: barnyard errors Bamm Visscher (Jul 17)
- RE: barnyard errors Scott Renna (Jul 17)
- Re: barnyard errors Bamm Visscher (Jul 17)
- RE: barnyard errors Scott Renna (Jul 17)
- Re: barnyard errors Bamm Visscher (Jul 17)
- answer for barnyard errors Jeff Nathan (Jul 17)