Re: Baryard2 error

[basant subba <basantsubba () gmail com>]

Thank you everyone for the help. Now even the BASE is up and running. If
anyone else is having the same problem, I would recommend them to visit
this page for trouble shooting

http://www.howtoforge.com/intrusion-detection-with-snort-mysql-apache2-on-ubuntu-7.10


On Tue, May 13, 2014 at 9:49 AM, Jeremy Hoel <jthoel () gmail com> wrote:

> Once you install base (or as part of the install process) you tell it to
> use the DB that you have with BY2.  I haven't installed BASE in YEARS so I
> don't recall the exact process, but it should be too hard.
>
> Worse case, you have to nuke your DB, have base create it and then use
> that DB with BY2.  You can have BY2 replay the unified 2 files that you
> already sent if you need to start over.
>
> You might find BASE a bit limiting and you might look into playing with
> Snorby.. it uses a BY2 compatible DB..
>
> And glad you got it working!
>
>
>
>
> On Tue, May 13, 2014 at 12:11 AM, basant subba <basantsubba () gmail com>wrote:
>
> > Thank you Jeremy for your help. BY2 is working now and its logging data
> > from U2 file to mysql database. However now I want to list the contents of
> > mysql database using BASE. How do I do that? Is there any manual for BASE
> > installation? Once again thank you for your help.
> >
> >
> > On Tue, May 13, 2014 at 1:59 AM, Jeremy Hoel <jthoel () gmail com> wrote:
> >
> > > The error is not related to the ouput but to the compilation of BY2.
> > >  You are doing it from source yes?  You have the proper libraries and
> > > headers installed and when you compile, are there any errors?
> > >
> > > Where are you getting the source from?  My folder was called
> > > barnyard2-master because that was the tgz I had grabbed at the time.  The
> > > autogen should by in whatever folder gets created when you extract the
> > > zip/tarball.
> > >
> > >
> > >
> > >
> > >
> > > On Mon, May 12, 2014 at 11:15 AM, basant subba <basantsubba () gmail com>wrote:
> > >
> > > > Hi Juan I have compiled my baryard2 with './configure --with-mysql'
> > > > command as recommended in many of the posts. But I am still getting the
> > > > same error. If you have a working barnyard2.conf file that works with mysql
> > > > can you please post it in the mailing list or mail me personally? And
> > > >  thank you for your reply.
> > > >
> > > >
> > > > On Mon, May 12, 2014 at 8:08 PM, Juan Jesus Prieto <
> > > > jjprieto () redborder org> wrote:
> > > >
> > > > >  Hi Basant,
> > > > >
> > > > >   snort does not need to have mysql support, snort write at topspeed
> > > > > to unified2 file and barnyard2 will keep open this file to read packets and
> > > > > events information in u2 format and relay it via output plugin like mysql,
> > > > > syslog, etc. I suppose the error is from your barnyard2 installation.
> > > > >
> > > > > Regards.
> > > > >
> > > > > El 12/05/14 15:18, basant subba escribió:
> > > > >
> > > > > Hello snort users. When I am trying run barnyard to process my
> > > > > unified2 output alerts, I am getting this error.
> > > > >
> > > > >  *database: 'mysql' support is not compiled into this build of snort*
> > > > >
> > > > >  *ERROR: If this build of snort was obtained as a binary distribution
> > > > > (e.g., rpm,*
> > > > > *or Windows), then check for alternate builds that contains the
> > > > > necessary*
> > > > > *'mysql' support.*
> > > > >
> > > > >  *The error is self explanatory in the sense that my installed
> > > > > version of snort doesn't support mqsql. My query is how do I rebuild my
> > > > > snort so that it supports mysql without removing the installed version?*
> > > > >
> > > > >
> > > > >
> > > > > ------------------------------------------------------------------------------
> > > > > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> > > > > Instantly run your Selenium tests across 300+ browser/OS combos.
> > > > > Get unparalleled scalability from the best Selenium testing platform available
> > > > > Simple to use. Nothing to install. Get started now for free."http://p.sf.net/sfu/SauceLabs
> > > > >
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Snort-users mailing listSnort-users () lists sourceforge net
> > > > > Go to this URL to change user options or unsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > Snort-users list archive:http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > > > >
> > > > > Please visit http://blog.snort.org to stay current on all the latest Snort news!
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ------------------------------------------------------------------------------
> > > > > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> > > > > Instantly run your Selenium tests across 300+ browser/OS combos.
> > > > > Get unparalleled scalability from the best Selenium testing platform
> > > > > available
> > > > > Simple to use. Nothing to install. Get started now for free."
> > > > > http://p.sf.net/sfu/SauceLabs
> > > > > _______________________________________________
> > > > > Snort-users mailing list
> > > > > Snort-users () lists sourceforge net
> > > > > Go to this URL to change user options or unsubscribe:
> > > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > Snort-users list archive:
> > > > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > > > >
> > > > > Please visit http://blog.snort.org to stay current on all the latest
> > > > > Snort news!
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------------------------------
> > > > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> > > > Instantly run your Selenium tests across 300+ browser/OS combos.
> > > > Get unparalleled scalability from the best Selenium testing platform
> > > > available
> > > > Simple to use. Nothing to install. Get started now for free."
> > > > http://p.sf.net/sfu/SauceLabs
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users () lists sourceforge net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > > >
> > > > Please visit http://blog.snort.org to stay current on all the latest
> > > > Snort news!
> >
> >
> > ------------------------------------------------------------------------------
> > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> > Instantly run your Selenium tests across 300+ browser/OS combos.
> > Get unparalleled scalability from the best Selenium testing platform
> > available
> > Simple to use. Nothing to install. Get started now for free."
> > http://p.sf.net/sfu/SauceLabs
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!