Re: error snort + MySQL - SAME PROBLEM HERE.

[Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>]

Hi,

Christopher.Downs () kc frb org wrote:
> What are the snort compile args you used ? here is what im compiling with
> in a chrooted $ENV:
>
> [root@j1snort1 snort-2.0.0]# ./configure
> --bindir=/var/chroot/snort/usr/bin/ --sbindir=/var/chroot/snort/usr/sbin/
> --libexecdir=/var/chroot/snort/lib/libexec/ --libdir=/var/chroot/snort/lib/
> --with-mysql
> [root@j1snort1 snort-2.0.0]#
>
> Also are you running MySQL on the localhost or another machine on the
> network ? I am currently attempting to log to a remote host.
>
> Here is my error at start:
>
> ---------------------- snip --------------------------
> telnet_decode arguments:
>     Ports to decode telnet on: 21 23 25 119
> database: compiled support for ( )
> database: configured to use mysql
            ^^^^^^^^^^

> database: 'mysql' support is not compiled into this build of snort
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ERROR: If this build of snort was obtained as a binary distribution (e.g.,
> rpm,
> or Windows), then check for alternate builds that contains the necessary
> 'mysql' support.
>
> If this build of snort was compiled by you, then re-run the
> the ./configure script using the '--with-mysql' switch.
> For non-standard installations of a database, the '--with-mysql=DIR'
> syntax may need to be used to specify the base directory of the DB install.
>
> See the database documentation for cursory details (doc/README.database).
> and the URL to the most recent database plugin documentation.
> Fatal Error, Quitting..
>
> [cdowns@j1snort1 cdowns]$
>
> Here is my snort run start command with args:
>
> [cdowns@j1snort1 cdowns]$ cat snort_start.sh
> cd /var/chroot/snort/usr/bin/ ; ./snort -i eth0 -u snort -g snort -C -c
> ../../etc/rules/snort.conf -l ../../var/log/snort/ &
> [cdowns@j1snort1 cdowns]$
>
> Thanks again, I would like to find out what the hell is going on hehe.

Compile Snort with mysql support, hehe. ;)

configured != support compiled in

Configured means YOU configured Snort to work that way. But Snort is
saying that no support for dealing with the DB was compiled in.

Is that the point?

OK it sounds silly, but it should simple as that. I suppose you did
not have mysql header files at compile time available.

If you're using RedHat install mysql and mysql-devel RPMs. On
Spenneberg's site you can get precompiled and fine working Snort RPMs.

But (!), letting Snort writing to a DB by itself can cause serious
packet loss. Be warned, because that may be your next question here...

Regards,

Edin


> ~!>D

-- 
Edin Dizdarevic



-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users