Snort mailing list archives
Re: More ACID BASE Help
From: Shaun Marlin <shaun.marlin () canalta com>
Date: Thu, 16 May 2013 21:14:10 +0000
When I ran that I got this

root@SENTRY:/usr/src# find / -iname libmysql*
/usr/lib/i386-linux-gnu/libmysqlclient_r.so
/usr/lib/i386-linux-gnu/libmysqlclient.a
/usr/lib/i386-linux-gnu/libmysqlclient.so.18.0.0
/usr/lib/i386-linux-gnu/libmysqlclient.so
/usr/lib/i386-linux-gnu/libmysqlclient_r.a
/usr/lib/i386-linux-gnu/libmysqlclient.so.18
/usr/lib/i386-linux-gnu/libmysqlclient_r.so.18
/usr/lib/i386-linux-gnu/libmysqlclient_r.so.18.0.0
/usr/lib/libreoffice/program/libmysqllo.so
/usr/share/doc/libmysqlclient-dev
/usr/share/doc/libmysqlclient18
/var/lib/dpkg/info/libmysqlclient-dev.list
/var/lib/dpkg/info/libmysqlclient-dev.md5sums
/var/lib/dpkg/info/libmysqlclient18:i386.md5sums
/var/lib/dpkg/info/libmysqlclient18:i386.postinst
/var/lib/dpkg/info/libmysqlclient18:i386.postrm
/var/lib/dpkg/info/libmysqlclient18:i386.shlibs
/var/lib/dpkg/info/libmysqlclient18:i386.list
/var/cache/apt/archives/libmysqlclient18_5.5.31+dfsg-0+wheezy1_i386.deb
/var/cache/apt/archives/libmysqlclient-dev_5.5.31+dfsg-0+wheezy1_i386.deb
root@SENTRY:/usr/src#

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 3:12 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

ok.. so you don't have that installed... Do this.

find / -iname 'libmysql*'

On Thu, May 16, 2013 at 9:08 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

OK I did that and got this

Locate: can not stat () '/var/lib/mlocate/mlocate': No such file or directory

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 3:05 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

ok, well that libmysqlclient should have been installed. have you tried a 'locate libmysqlclient' to see where it's at?
On Thu, May 16, 2013 at 9:04 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

I can't remember seeing any

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 2:45 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Did you get any errors when you ran the apt-get install command that you listed earlier?

On Thu, May 16, 2013 at 2:41 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

Ok, so I did that and now I am getting this error.

**********************************************
ERROR: unable to find mysqlclient library (libmysqlclient.*)
checked in the following places
/usr/lib64/mysql
/usr/lib64/mysql/lib
/usr/lib64/mysql/mysql
/usr/lib64/mysql/mysql/lib
/usr/lib64/mysql/lib/mysql
**********************************************

Where can I go to redownload libmysqlclient from?

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 2:21 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

You do see the error right? that needs to be fixed. Is this a 64 bit machine? If so you need to run config and point to the library..

./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql

or wherever it is at..
On Thu, May 16, 2013 at 1:54 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

This is what I installed in order to prep the OS for this project

apt-get update && apt-get -y install apache2 apache2-doc autoconf automake bison ca-certificates ethtool flex g++ gcc gcc-4.4 libapache2-modphp5 libcrypt-ssleay-perl libmysqlclient-dev libnet1 libnet1-dev libpcre3 libpcre3-dev libphp-adodb libssl-dev libtool libwww-perl make mysqlclient mysql-common mysql-server ntp php5-cli php5-gd php5-mysql php-pear sendmail sysstat usbmount vim

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 1:51 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Ok.. so then it didn't work the first time either.. Notice these errors.

**********************************************
ERROR: unable to find mysqlclient library (libmysqlclient.*)
checked in the following places
/usr
/usr/lib
/usr/mysql
/usr/mysql/lib
/usr/lib/mysql
/usr/local
/usr/local/lib
/usr/local/mysql
/usr/local/mysql/lib
/usr/local/lib/mysql
**********************************************

Do you have mysql-devel type packages installed? to provide libmysqlclient?

On Thu, May 16, 2013 at 1:44 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

Ok this is what I got when I ran the install again

root@SENTRY:/usr/src/barnyard2-master# ./configure --with-mysql && make && make install
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking how to print strings... printf
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... none
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert i686-pc-linux-gnu file names to i686-pc-linux-gnu format... func_convert_file_noop
checking how to convert i686-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc option to accept ISO C99... -std=gnu99
checking for gcc -std=gnu99 option to accept ISO Standard C... (cached) -std=gnu99
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking dependency style of gcc... (cached) none
checking whether byte ordering is bigendian... no
checking for bison... bison
checking for flex... flex
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking sys/sockio.h usability... no
checking sys/sockio.h presence... no
checking for sys/sockio.h... no
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking for inttypes.h... (cached) yes
checking wchar.h usability... yes
checking wchar.h presence... yes
checking for wchar.h... yes
checking math.h usability... yes
checking math.h presence... yes
checking for math.h... yes
checking for floor in -lm... yes
checking for ceil in -lm... yes
checking for inet_ntoa in -lnsl... yes
checking for socket in -lsocket... no
checking whether printf must be declared... no
checking whether fprintf must be declared... no
checking whether syslog must be declared... no
checking whether puts must be declared... no
checking whether fputs must be declared... no
checking whether fputc must be declared... no
checking whether fopen must be declared... no
checking whether fclose must be declared... no
checking whether fwrite must be declared... no
checking whether fflush must be declared... no
checking whether getopt must be declared... no
checking whether bzero must be declared... no
checking whether bcopy must be declared... no
checking whether memset must be declared... no
checking whether strtol must be declared... no
checking whether strcasecmp must be declared... no
checking whether strncasecmp must be declared... no
checking whether strerror must be declared... no
checking whether perror must be declared... no
checking whether socket must be declared... no
checking whether sendto must be declared... no
checking whether vsnprintf must be declared... no
checking whether snprintf must be declared... no
checking whether strtoul must be declared... no
checking for snprintf... yes
checking for strlcpy... no
checking for strlcat... no
checking for strerror... yes
checking for vswprintf... yes
checking for wprintf... yes
checking size of char... 1
checking size of short... 2
checking size of int... 4
checking size of long int... 4
checking size of long long int... 8
checking size of unsigned int... 4
checking size of unsigned long int... 4
checking size of unsigned long long int... 8
checking for u_int8_t... yes
checking for u_int16_t... yes
checking for u_int32_t... yes
checking for u_int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for INADDR_NONE... yes
checking for __FUNCTION__... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_datalink in -lpcap... yes
checking for sparc... no
checking for mysql...
**********************************************
ERROR: unable to find mysqlclient library (libmysqlclient.*)
checked in the following places
/usr
/usr/lib
/usr/mysql
/usr/mysql/lib
/usr/lib/mysql
/usr/local
/usr/local/lib
/usr/local/mysql
/usr/local/mysql/lib
/usr/local/lib/mysql
**********************************************

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 1:30 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Well, if locatedb is installed I like this 'updatedb' and 'locate barnyard2 | grep bin' and that would be a good starting place. But you could also go back to the /usr/src/barnyard2* directory and run 'sudo make install' or 'make install' as root and look at the output.

On Thu, May 16, 2013 at 1:27 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

What would be the best command to run to find out where it was put.
I didn't see anything while doing the install about where it would put the barnyard2 bin file

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 1:19 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

It won't be in a directory.. it should just be a bin by itself. When you build from source, if you do 'make install' as root or as sudo, it should put the binary somewhere, normally /usr/local/bin

On Thu, May 16, 2013 at 1:17 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

No there is no barnyard2 binary in /usr/local/bin. I tried to find the file, but was not able to find a barnyard2 directory.

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Wednesday, May 15, 2013 10:05 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Is there a barnyard2 binary in /usr/local/bin? When you did make install in the /usr/src/barnyard2 directory were there any errors? Have you tried an 'updatedb' and 'locate barnyard2 | grep bin'

Also - please keep replies to the list so that others may learn or help. Thanks!
On Thu, May 16, 2013 at 3:35 AM, Shaun Marlin <shaun.marlin () canalta com> wrote:

Now that I have that in place, I have tried to run snort and barnyard using

Now start snort and barnyard with these commands:
# /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 &
# /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config &

But when I run the second command I get

root@######:/usr/src# /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log /etc/snort/sid-msg.map -C /etc/snort/classification.config &
[2] 350
root@######:/usr/src# -bash: /usr/local/bin/barnyard2: No such file or directory

________________________________
From: Jeremy Hoel [jthoel () gmail com]
Sent: Wednesday, May 15, 2013 8:42 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Look in the barnyard2-* folder in /usr/src; there should be a folder called etc and in there is the default barnyard2.conf

you could run 'mv etc/barnyard2.conf /etc/snort'

On Thu, May 16, 2013 at 2:21 AM, Shaun Marlin <shaun.marlin () canalta com> wrote:

Hi there again,

So I was directed to use this document http://s3.amazonaws.com/snort-org/www/assets/167/deb_snort_howto.pdf, which to its credit has worked well so far. Right now I am stumped on this section.

4. Install & configure Barnyard2
# cd /usr/src && wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
# tar -zxf master.tar.gz && cd barnyard2-*
# autoreconf -fvi -I ./m4 && ./configure --with-mysql && make && make install
# mv /usr/local/etc/barnyard2.conf /etc/snort
# cp schemas/create_mysql /usr/src

When I run the command mv /usr/local/etc/barnyard2.conf /etc/snort I get the following error

root@#####:/usr/src/barnyard2-master# mv /usr/local/etc/barnyard2.conf /etc/snort
mv: cannot stat `/usr/local/etc/barnyard2.conf': No such file or directory

I looked in that folder and there was no barnyard2.conf file at all. Other than that it is going fine

Can someone tell me why I can't find barnyard2.conf, or better yet where it is located when installed on Debian 7?

Thanks
-Shaun

Shaun Marlin
Network Administrator
Canalta Family of Companies
2109 - 545 Highway 10 East
Drumheller AB Canada T0J 0Y0
PHONE: (403) 820-3865
CELL: (403) 334-1313
EMAIL: shaun.marlin () canalta com
WEB: www.canalta.com

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
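The find listing in this thread puts libmysqlclient under /usr/lib/i386-linux-gnu, which is not among the directories the failing ./configure run reported checking. The shell sketch below is an added example, not part of the thread or of barnyard2: it picks the library directory out of such a listing and prints the matching configure arguments, assuming (as the --with-mysql-libraries hint in the thread suggests) that configure accepts the directory that directly holds the library; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): derive the barnyard2 ./configure
# arguments from a list of paths such as `find / -iname 'libmysql*'` output.

# Constructed sample input: a subset of the find listing quoted above.
SAMPLE_PATHS='/usr/lib/i386-linux-gnu/libmysqlclient_r.so
/usr/lib/i386-linux-gnu/libmysqlclient.a
/usr/lib/i386-linux-gnu/libmysqlclient.so.18.0.0
/usr/lib/i386-linux-gnu/libmysqlclient.so
/usr/lib/libreoffice/program/libmysqllo.so
/usr/share/doc/libmysqlclient-dev
/var/lib/dpkg/info/libmysqlclient18:i386.list
/var/cache/apt/archives/libmysqlclient-dev_5.5.31+dfsg-0+wheezy1_i386.deb'

# Directories the failing ./configure run in the thread said it checked.
DEFAULT_DIRS='/usr /usr/lib /usr/mysql /usr/mysql/lib /usr/lib/mysql
/usr/local /usr/local/lib /usr/local/mysql /usr/local/mysql/lib
/usr/local/lib/mysql'

# Read paths on stdin; print the directory of the first file a linker can
# use (libmysqlclient.so or .a), skipping docs, dpkg metadata and .deb files.
mysql_lib_dir() {
    while IFS= read -r path; do
        case "${path##*/}" in
            libmysqlclient.so|libmysqlclient.a)
                printf '%s\n' "${path%/*}"
                return 0 ;;
        esac
    done
    return 1
}

# Succeed if directory $1 is already on configure's default search list.
in_default_search() {
    for d in $DEFAULT_DIRS; do
        if [ "$d" = "$1" ]; then return 0; fi
    done
    return 1
}

# Read paths on stdin; print the arguments to pass to ./configure.
# Assumption: configure accepts the directory that directly holds the library.
configure_args() {
    dir=$(mysql_lib_dir) || { echo "libmysqlclient not found" >&2; return 1; }
    if in_default_search "$dir"; then
        printf '%s\n' "--with-mysql"
    else
        printf '%s\n' "--with-mysql --with-mysql-libraries=$dir"
    fi
}

# Stand-alone run on the constructed sample; on a live host pipe in
# `find / -iname 'libmysql*' 2>/dev/null` instead.
printf '%s\n' "$SAMPLE_PATHS" | configure_args
```

Because the howto chains `./configure --with-mysql && make && make install`, a configure failure stops the chain before anything is built or installed, which is consistent with the missing /usr/local/bin/barnyard2 and barnyard2.conf reported earlier in the thread.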