Snort mailing list archives
Re: Error in reading unified2 log files
From: Dave Corsello <snort-users () wintertreemedia com>
Date: Fri, 02 May 2014 08:05:06 -0400
Are you using mysql or mssql? (You mention both.) Snort shouldn't be configured to directly touch a database--barnyard2 handles that. So, remove any "output database" lines from snort.conf, and make sure there's an "output unified2" statement. If you're starting from scratch, it probably makes sense to start with snort 2.9.6.1, which is the most current version, not 2.9.2.
On 5/2/2014 2:53 AM, basant subba wrote:
I am trying to process the unified2 output from /var/log/snort using the following command

barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2

But I am getting this error:: ERROR database: 'mssql' support is not compiled into this build of snort.

My snort version is 2.9.2 and guessing from the output error I think this version of snort doesn't support mysql. I tried ./configure --with-mssql too but that doesn't help either. Can anyone guide me on how to upgrade my snort to latest version that supports mysql. Thanks in advance.

Here's my complete output message.

root@basant-A7GMX-K:/var/log/snort# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2
Running in Continuous mode
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"
+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+
Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
ERROR database: 'mssql' support is not compiled into this build of snort
ERROR: If this build of barnyard2 was obtained as a binary distribution (e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
'mssql' support.
If this build of barnyard2 was compiled by you, then re-run the
the ./configure script using the '--with-mssql' switch.
For non-standard installations of a database, the '--with-mssql=DIR'
syntax may need to be used to specify the base directory of the DB install.
See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
Barnyard2 exiting
===============================================================================
Record Totals:
Records: 0
Events: 0 (0.000%)
Packets: 0 (0.000%)
Unknown: 0 (0.000%)
Suppressed: 0 (0.000%)
===============================================================================

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
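The split described in the reply (snort writes unified2, barnyard2 owns the database output) can be checked mechanically. The script below is an added example, not part of the thread or of either project; the function names are hypothetical and the three config files are constructed samples.

```shell
#!/bin/sh
# Added example: lint a snort.conf / barnyard2.conf pair (helper names are hypothetical).

# Print the active "output ..." lines of a config file. Everything after '#'
# is treated as a comment, which is a simplification.
active_outputs() {
    sed -e 's/#.*//' "$1" | grep -E '^[[:space:]]*output[[:space:]]+' || true
}

# snort.conf should log to unified2 and leave the database to barnyard2.
# Returns 0 when the file follows that split, 1 otherwise.
check_snort_conf() {
    outs=$(active_outputs "$1")
    rc=0
    if printf '%s\n' "$outs" | grep -Eq 'output[[:space:]]+database'; then
        echo "$1: remove 'output database' (barnyard2 handles the database)"
        rc=1
    fi
    if ! printf '%s\n' "$outs" | grep -Eq 'output[[:space:]]+unified2'; then
        echo "$1: no active 'output unified2' line"
        rc=1
    fi
    return "$rc"
}

# barnyard2.conf: print the database type named on each active
# "output database: <facility>, <type>, ..." line.
barnyard_db_types() {
    active_outputs "$1" |
        sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}database:[^,]*,[[:space:]]*\([A-Za-z0-9_]*\).*/\1/p'
}

# Constructed sample files (not taken from the thread).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/snort_bad.conf" <<'EOF'
output database: log, mysql, user=snort dbname=snort host=localhost
EOF
cat > "$SAMPLE_DIR/snort_ok.conf" <<'EOF'
# output database: log, mysql, user=snort dbname=snort host=localhost
output unified2: filename snort.u2, limit 128
EOF
cat > "$SAMPLE_DIR/barnyard2.conf" <<'EOF'
output database: log, mssql, user=snort dbname=snort host=localhost
EOF

check_snort_conf "$SAMPLE_DIR/snort_bad.conf" || true
check_snort_conf "$SAMPLE_DIR/snort_ok.conf" && echo "snort_ok.conf: OK"
echo "barnyard2.conf database type: $(barnyard_db_types "$SAMPLE_DIR/barnyard2.conf")"
```

The type printed for barnyard2.conf is the one the barnyard2 build needs compiled-in support for, so a mismatch such as `mssql` on a MySQL setup shows up before barnyard2 is started.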
Current thread:
- Error in reading unified2 log files basant subba (May 01)
- Re: Error in reading unified2 log files Dave Corsello (May 02)