Snort mailing list archives
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue
From: Jeremy Hoel <jthoel () gmail com>
Date: Thu, 30 Aug 2012 20:25:24 +0000
That's odd. We build regular boxes all the time, and i just did a few of the new snort builds and they didn't have any sql as part of the build './configure --enable-zlib --enable-reload --with-daq_includes=/usr/local/include --with-daq_libraries=/usr/local/lib --enable-perfprofiling --enable-ppm --enable-static-daq' and then we build barnyard with the sql bit './configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql --with-tcl=/usr/lib64' You are doing your own barnyard compile right? I noticed you use mssql.. i don't have any experiance with that part, but it should be close to the same. have you tried building barnyard again? Looking at the barnyard source, this does seem like a barnyard error src/output-plugins/spo_database.c: ErrorMessage("database: '%s' support is not compiled into this build of snort\n\n", type); On Thu, Aug 30, 2012 at 6:00 PM, Eric Biederman <Eric.Biederman () mrsassociates com> wrote:
My start script. /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo Running in Continuous mode --== Initializing Barnyard2 ==-- Initializing Input Plugins! Initializing Output Plugins! Parsing config file "/etc/snort/barnyard2.conf" Log directory = /var/log/barnyard2 database: 'mssql' support is not compiled into this build of snort ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm, or Windows), then check for alternate builds that contains the necessary 'mssql' support. If this build of snort was compiled by you, then re-run the the ./configure script using the '--with-mssql' switch. For non-standard installations of a database, the '--with-mssql=DIR' syntax may need to be used to specify the base directory of the DB install. See the database documentation for cursory details (doc/README.database). and the URL to the most recent database plugin documentation. Fatal Error, Quitting.. From: Jeremy Hoel [mailto:jthoel () gmail com] Sent: Thursday, August 30, 2012 1:58 PM To: Eric Biederman Subject: Re: [Snort-users] Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Can you copy and paste the exact error.. I'm willing to bet its barnyard2 that was compiled without the MySQL libraries. On Aug 30, 2012 1:45 PM, "Eric Biederman" <Eric.Biederman () mrsassociates com> wrote: I am having a problem where when I try to start my Barnyard2 system I am getting notified that my version of snort was not configured with mysql support and to recompile with this support. My understanding is that Snort 2.9.3.1 no longer handles mysql and leaves it to 3rd parties to deal with. My snort install runs fine to logs and I can start Barnyard without the mysql call with no apparent problems but once I add the mysql output back into my barnyard.conf file I am unable to start it CentOS6.2 Snort-2.9.3.1 BarnYard2 – 2.1.9 This is my first pass at implementing this configuration to replace a windows based snort and MSSQL system. I missing something easy? Thank you Eric This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Eric Biederman (Aug 30)
- Message not available
- Message not available
- Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Jeremy Hoel (Aug 30)
- Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Joel Esler (Aug 31)
- Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Joel Esler (Aug 31)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue beenph (Aug 30)
- Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Eric Biederman (Aug 31)
- Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue beenph (Aug 31)
- Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Jeremy Hoel (Aug 31)
- Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue beenph (Aug 31)
- Message not available
- Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Eric Biederman (Aug 31)
- Message not available