Snort mailing list archives
Re: More ACID BASE Help
From: Jeremy Hoel <jthoel () gmail com>
Date: Thu, 16 May 2013 21:40:08 +0000
With a make and make install and no errors? Then yes.. Check /usr/local/bin

On May 16, 2013 3:36 PM, "Shaun Marlin" <shaun.marlin () canalta com> wrote:
Ok, so that went through with NO errors…. Should I look and see if the bin/barnyard2 file is there?

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 3:31 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

don't worry about make clean.

Try the configure command again without the last /

ie: ./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu

On Thu, May 16, 2013 at 9:28 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

Sorry I forgot to put in the error

**************************************************
ERROR: unable to find mysqlclient library (libmysqlclient.*)
checked in the following places
/usr/i386-linux-gnu/
/usr/i386-linux-gnu//lib
/usr/i386-linux-gnu//mysql
/usr/i386-linux-gnu//mysql/lib
/usr/i386-linux-gnu//lib/mysql
**************************************************

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 3:19 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Well your libraries are in a weird location, but ok.

cd /usr/src/barnyard2*
make clean
autoreconf -fvi -I ./m4
./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu/
make
make install

Do each one, one command at a time to see if there are errors.

On Thu, May 16, 2013 at 9:14 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

When I ran that I got this

root@SENTRY:/usr/src# find / -iname libmysql*
/usr/lib/i386-linux-gnu/libmysqlclient_r.so
/usr/lib/i386-linux-gnu/libmysqlclient.a
/usr/lib/i386-linux-gnu/libmysqlclient.so.18.0.0
/usr/lib/i386-linux-gnu/libmysqlclient.so
/usr/lib/i386-linux-gnu/libmysqlclient_r.a
/usr/lib/i386-linux-gnu/libmysqlclient.so.18
/usr/lib/i386-linux-gnu/libmysqlclient_r.so.18
/usr/lib/i386-linux-gnu/libmysqlclient_r.so.18.0.0
/usr/lib/libreoffice/program/libmysqllo.so
/usr/share/doc/libmysqlclient-dev
/usr/share/doc/libmysqlclient18
/var/lib/dpkg/info/libmysqlclient-dev.list
/var/lib/dpkg/info/libmysqlclient-dev.md5sums
/var/lib/dpkg/info/libmysqlclient18:i386.md5sums
/var/lib/dpkg/info/libmysqlclient18:i386.postinst
/var/lib/dpkg/info/libmysqlclient18:i386.postrm
/var/lib/dpkg/info/libmysqlclient18:i386.shlibs
/var/lib/dpkg/info/libmysqlclient18:i386.list
/var/cache/apt/archives/libmysqlclient18_5.5.31+dfsg-0+wheezy1_i386.deb
/var/cache/apt/archives/libmysqlclient-dev_5.5.31+dfsg-0+wheezy1_i386.deb
root@SENTRY:/usr/src#

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 3:12 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

ok.. so you don't have that installed...

Do this.

find / -iname 'libmysql*'

On Thu, May 16, 2013 at 9:08 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

OK I did that and got this

Locate: can not stat () ‘/var/lib/mlocate/mlocate’: No such file or directory

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 3:05 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

ok, well that libmysqlclient should have been installed.
have you tried a 'locate libmysqlclient' to see where it's at?

On Thu, May 16, 2013 at 9:04 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

I can’t remember seeing any

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 2:45 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Did you get any errors when you ran the apt-get install command that you listed earlier?

On Thu, May 16, 2013 at 2:41 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

Ok, so I did that and now I am getting this error.

**************************************************
ERROR: unable to find mysqlclient library (libmysqlclient.*)
checked in the following places
/usr/lib64/mysql
/usr/lib64/mysql/lib
/usr/lib64/mysql/mysql
/usr/lib64/mysql/mysql/lib
/usr/lib64/mysql/lib/mysql
**************************************************

Where can I go to redownload libmysqlclient from?

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 2:21 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

You do see the error right? that needs to be fixed.

Is this a 64 bit machine?

If so you need to run config and point to the library..

./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql

or wherever it is at..

On Thu, May 16, 2013 at 1:54 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

This is what I installed in order to prep the OS for this project

apt-get update && apt-get -y install apache2 apache2-doc autoconf automake bison ca-certificates ethtool flex g++ gcc gcc-4.4 libapache2-modphp5 libcrypt-ssleay-perl libmysqlclient-dev libnet1 libnet1-dev libpcre3 libpcre3-dev libphp-adodb libssl-dev libtool libwww-perl make mysqlclient mysql-common mysql-server ntp php5-cli php5-gd php5-mysql php-pear sendmail sysstat usbmount vim

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 1:51 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Ok.. so then it didn't work the first time either.. Notice these errors.

**************************************************
ERROR: unable to find mysqlclient library (libmysqlclient.*)
checked in the following places
/usr
/usr/lib
/usr/mysql
/usr/mysql/lib
/usr/lib/mysql
/usr/local
/usr/local/lib
/usr/local/mysql
/usr/local/mysql/lib
/usr/local/lib/mysql
**************************************************

Do you have mysql-devel type packages installed? to provide libmysqlclient?

On Thu, May 16, 2013 at 1:44 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

Ok this is what I got when I ran the install again

root@SENTRY:/usr/src/barnyard2-master# ./configure --with-mysql && make && make install
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking how to print strings... printf
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... none
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert i686-pc-linux-gnu file names to i686-pc-linux-gnu format... func_convert_file_noop
checking how to convert i686-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc option to accept ISO C99... -std=gnu99
checking for gcc -std=gnu99 option to accept ISO Standard C... (cached) -std=gnu99
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking dependency style of gcc... (cached) none
checking whether byte ordering is bigendian... no
checking for bison... bison
checking for flex... flex
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking sys/sockio.h usability... no
checking sys/sockio.h presence... no
checking for sys/sockio.h... no
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking for inttypes.h... (cached) yes
checking wchar.h usability... yes
checking wchar.h presence... yes
checking for wchar.h... yes
checking math.h usability... yes
checking math.h presence... yes
checking for math.h... yes
checking for floor in -lm... yes
checking for ceil in -lm... yes
checking for inet_ntoa in -lnsl... yes
checking for socket in -lsocket... no
checking whether printf must be declared... no
checking whether fprintf must be declared... no
checking whether syslog must be declared... no
checking whether puts must be declared... no
checking whether fputs must be declared... no
checking whether fputc must be declared... no
checking whether fopen must be declared... no
checking whether fclose must be declared... no
checking whether fwrite must be declared... no
checking whether fflush must be declared... no
checking whether getopt must be declared... no
checking whether bzero must be declared... no
checking whether bcopy must be declared... no
checking whether memset must be declared... no
checking whether strtol must be declared... no
checking whether strcasecmp must be declared... no
checking whether strncasecmp must be declared... no
checking whether strerror must be declared... no
checking whether perror must be declared... no
checking whether socket must be declared... no
checking whether sendto must be declared... no
checking whether vsnprintf must be declared... no
checking whether snprintf must be declared... no
checking whether strtoul must be declared... no
checking for snprintf... yes
checking for strlcpy... no
checking for strlcat... no
checking for strerror... yes
checking for vswprintf... yes
checking for wprintf... yes
checking size of char... 1
checking size of short... 2
checking size of int... 4
checking size of long int... 4
checking size of long long int... 8
checking size of unsigned int... 4
checking size of unsigned long int... 4
checking size of unsigned long long int... 8
checking for u_int8_t... yes
checking for u_int16_t... yes
checking for u_int32_t... yes
checking for u_int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for INADDR_NONE... yes
checking for __FUNCTION__... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_datalink in -lpcap... yes
checking for sparc... no
checking for mysql...

**************************************************
ERROR: unable to find mysqlclient library (libmysqlclient.*)
checked in the following places
/usr
/usr/lib
/usr/mysql
/usr/mysql/lib
/usr/lib/mysql
/usr/local
/usr/local/lib
/usr/local/mysql
/usr/local/mysql/lib
/usr/local/lib/mysql
**************************************************

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 1:30 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Well, if locatedb is installed I like this 'updatedb' and 'locate barnyard2 | grep bin' and that would be a good starting place.

But you could also go back to the /usr/src/barnyard2* directory and run 'sudo make install' or 'make install' as root and look at the output.

On Thu, May 16, 2013 at 1:27 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

What would be the best command to run to find out where it was put. I didn’t see anything while doing the install about where it would put the barnyard2 bin file

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 1:19 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

It won't be in a directory..
it should just be a bin by itself.

When you build from source, if you do 'make install' as root or as sudo, it should put the binary somewhere, normally /usr/local/bin

On Thu, May 16, 2013 at 1:17 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:

No there is no barnyard2 binary in /usr/local/bin

I tried to find the file, but was not able to find a barnyard2 directory.

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Wednesday, May 15, 2013 10:05 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Is there a barnyard2 binary in /usr/local/bin?

when you did make install in the /usr/src/barnyard2 directory were there any errors?

Have you tried an 'updatedb' and 'locate barnyard2 | grep bin'

Also - please keep replies to the list so that others may learn or help.

Thanks!

On Thu, May 16, 2013 at 3:35 AM, Shaun Marlin <shaun.marlin () canalta com> wrote:

Now that I have that in place, I have tried to run snort and barnyard using

Now start snort and barnyard with these commands:
# /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 &
# /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config &

But when I run the second command I get

root@######:/usr/src# /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log /etc/snort/sid-msg.map -C /etc/snort/classification.config &
[2] 350
root@######:/usr/src# -bash: /usr/local/bin/barnyard2: No such file or directory

------------------------------
From: Jeremy Hoel [jthoel () gmail com]
Sent: Wednesday, May 15, 2013 8:42 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Look in the barnyard2-* folder in /usr/src; there should be a folder called etc and in there is the default barnyard2.conf

you could run 'mv etc/barnyard2.conf /etc/snort'

On Thu, May 16, 2013 at 2:21 AM, Shaun Marlin <shaun.marlin () canalta com> wrote:

Hi there again,

So I was directed to use this document http://s3.amazonaws.com/snort-org/www/assets/167/deb_snort_howto.pdf, which to its credit has worked well so far. Right now I am stumped on this section.

4. Install & configure Barnyard2
# cd /usr/src && wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
# tar -zxf master.tar.gz && cd barnyard2-*
# autoreconf -fvi -I ./m4 && ./configure --with-mysql && make && make install
# mv /usr/local/etc/barnyard2.conf /etc/snort
# cp schemas/create_mysql /usr/src

When I run the command
mv /usr/local/etc/barnyard2.conf /etc/snort

I get the following error
root@#####:/usr/src/barnyard2-master# mv /usr/local/etc/barnyard2.conf /etc/snort
mv: cannot stat `/usr/local/etc/barnyard2.conf': No such file or directory

I looked in that folder and there was no barnyard2.conf file at all.

Other than that it is going fine

Can someone tell me why I can't find barnyard2.conf, or better yet where it is located when installed on Debian 7?

Thanks
-Shaun

Shaun Marlin
Network Administrator
Canalta Family of Companies
2109 - 545 Highway 10 East Drumheller AB Canada T0J 0Y0
PHONE: (403) 820-3865 CELL: (403) 334-1313
EMAIL: shaun.marlin () canalta com WEB: www.canalta.com

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
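
Added example, not part of the original thread and not barnyard2's own code: a shell sketch of the fix the thread arrives at, which is to locate libmysqlclient (on Debian multiarch it sits under /usr/lib/i386-linux-gnu) and pass that directory to configure without a trailing slash. The function names are hypothetical; the default search roots are an assumption.

```sh
#!/bin/sh
# Added example: helper functions for building the barnyard2 configure
# arguments. All function names here are hypothetical.

# Print the directory that holds libmysqlclient.so or libmysqlclient.a.
# Arguments are the roots to search; the defaults are an assumption and
# cover Debian multiarch directories such as /usr/lib/i386-linux-gnu.
find_mysql_libdir() {
    [ "$#" -gt 0 ] || set -- /usr/lib /usr/lib64 /usr/local/lib
    for root in "$@"; do
        [ -d "$root" ] || continue
        hit=$(find "$root" -maxdepth 3 \
                \( -name 'libmysqlclient.so' -o -name 'libmysqlclient.a' \) \
                2>/dev/null | sort | head -n 1)
        if [ -n "$hit" ]; then
            dirname "$hit"
            return 0
        fi
    done
    return 1
}

# Strip trailing slashes. In the thread, the run with a trailing "/" on
# --with-mysql-libraries failed and the retry without it succeeded.
normalize_dir() {
    d=$1
    while [ "$d" != "/" ] && [ "${d%/}" != "$d" ]; do
        d=${d%/}
    done
    printf '%s\n' "$d"
}

# Print the arguments for ./configure, or fail with a hint when the
# client library is missing (libmysqlclient-dev on Debian).
barnyard2_configure_args() {
    libdir=$(find_mysql_libdir "$@") || {
        echo "libmysqlclient not found; install libmysqlclient-dev" >&2
        return 1
    }
    printf -- '--with-mysql --with-mysql-libraries=%s\n' \
        "$(normalize_dir "$libdir")"
}

# Usage, one step at a time so a failing step is visible:
#   ./configure $(barnyard2_configure_args)
#   make
#   make install
#   ls -l /usr/local/bin/barnyard2
```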