Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user

["Lars" <technicalfriend () yahoo com>]

Hi this is a follow-up after trying some of the steps recommended from the
other day to get my first build of Barnyard working with Snort so  we can
write Snort output to mysql, as a Snorby sensor.  There is a little progress
but sadly Barnyard2 is still not working, here is where we are now:

 

Joel said "Snort's support to directly write to a database is no longer an
option since Snort 2.9.2, if I recall correctly." 

We definitely agree and had read and expected that, however when we tried to
build Barnyard2 the error message Barnyard gave us then said "Snort was not
compiled to use mysql" and directed us to some steps to try and do that, so
it appears that message needs updated, so we got off-track a little while
with that, fyi.  We had started trying the -with-mysql option with barnyard
instead, leading to the following:

"Instead, you compile MySQL support with Barnyard2:

./configure --with-mysql --with-mysql-libraries=<path to the mysql libs>

In Snort, you would use unified2 as an output plugin to write unified2 logs
and have Barnyard2 parse these into the database. In the docs section on
Snort's website you will find step by step documentation on how to do that
on SuSE, 12.x as well as other OSs."

QUESTION:  Is "unified" required also to do this?  We had not seen that one
listed and have not added, it seemed like all we needed was what was listed
under the Snort requirements and Barnyard (knowing we had added mysql with
-dev libraries/header files..?  Sorry we are a bit lost with the big picture
of this larger process, there have been lots and lots of packages to go back
and add.

 

Also we followed this one other recommendation sent over:  "Then you will
need to make sure you have installed mysql client libraries and headers
(this is generaly mysql-dev package on most distro).

 

> From there you will need to make sure your mysql libraries are in your
libaries dynamic path.

 

ex: ldconfig -v | grep mysql"  

 

Our results here seem mixed, we are not sure it worked.  When first trying
it we had a lot of "graphviz" objects that it could not find.  We had
graphviz and its dev headers but we went ahead and added all those objects,
and it found mysql but there were keyring and some other items ldconfig had
trouble with - we are not sure how any of these applied or mattered, not
using?  We just wanted to send Snort log data over to mysql so Snorby could
read it, lost?  Our team at the college appreciates your help.   I plan on
making sure our entire process and all these requirements are documented
when all this is done, there has been so many steps.

 

 

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!