Snort mailing list archives

RE: OT: Help with Barnyard

From: "Gordon Cunningham" <gcunnin2 () bellsouth net>
Date: Thu, 10 Apr 2003 12:15:31 -0400

Ralf,

I need to pass a --with-mysql-libraries=DIR to the configure and have been
unable to do so using the rpmbuild util.  Without it I get:

checking for mysql_connect in -lmysqlclient... no


**********************************************
  ERROR: unable to find mysqlclient library
  checked in the following places
        /usr/lib/mysql
**********************************************

How difficult would it be to make the RH7.3 RPM?  Does everyone go through
this with Barnyard, or is there something "special" with my installation?


- Gordon

 -----Original Message-----
From:   snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]  On Behalf Of Ralf
Spenneberg
Sent:   Thursday, April 10, 2003 11:29 AM
To:     gcunnin2 () bellsouth net
Cc:     SnortUsers
Subject:        RE: [Snort-users] OT:  Help with Barnyard

Am Don, 2003-04-10 um 16.46 schrieb Gordon Cunningham:

I appreciate your help, Ralf.  When I try to install the RPM, I get the
following:

error: failed dependencies:
        libc.so.6(GLIBC_2.3)   is needed by barnyard-0.1.0-1

Oh. Ok. The RPM was compiled on Redhat 8.0. Either get
http://www.spenneberg.com/redirect.php?url=public/SRPMS/barnyard-0.1.0-1.src
.rpm and do
rpmbuild --rebuild barnyard-0.1.0-1.src.rpm
or (or if it fails)
contact me again and I will build a barnyard RPM for RedHat 7.3


Cheers,

Ralf


I have glibc 2.2.5-43 and libc.so.6 is present on this RH 7.3 machine -
there is no glibc 2.3 available for RH 7.3 unless I recompile from source.
Is that going to be necessary?  If so, I'll have to also upgrade my gcc
compiler and I'm not sure what else will break...  it's got to be easier
than this.

Using MySQL version 11.18 dist 3.23.54...

I've tried different sites for the barnyard source.  When I try to "make"
barnyard 0.1.0 after a "configure -enable-mysql", this is the result:

make  all-recursive
make[1]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0'
Making all in src
make[2]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
Making all in output-plugins
make[3]: Entering directory
`/usr/src/redhat/SOURCES/barnyard-0.1.0/src/output-plugins'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory
`/usr/src/redhat/SOURCES/barnyard-0.1.0/src/output-plugins'
Making all in input-plugins
make[3]: Entering directory
`/usr/src/redhat/SOURCES/barnyard-0.1.0/src/input-plugins'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory
`/usr/src/redhat/SOURCES/barnyard-0.1.0/src/input-plugins'
make[3]: Entering directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
gcc  -g -O2 -Wall -L/usr/lib/mysql -o barnyard  barnyard.o configparse.o
mstring.o strlcatu.o strlcpyu.o util.o spool.o sid.o debug.o
classification.o output-plugins/libop.a

input-plugins/libdp.a -lmysqlclient

/usr/lib/mysql/libmysqlclient.a(my_compress.o): In function

`my_uncompress':

my_compress.o(.text+0xaa): undefined reference to `uncompress'
/usr/lib/mysql/libmysqlclient.a(my_compress.o): In function
`my_compress_alloc':
my_compress.o(.text+0x13c): undefined reference to `compress'
collect2: ld returned 1 exit status
make[3]: *** [barnyard] Error 1
make[3]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/redhat/SOURCES/barnyard-0.1.0'
make: *** [all-recursive-am] Error 2


- Gordon

 -----Original Message-----
From:         Ralf Spenneberg [mailto:mct () spenneberg de]
Sent: Thursday, April 10, 2003 12:44 AM
To:   gcunnin2 () bellsouth net
Cc:   SnortUsers
Subject:      RE: [Snort-users] OT:  Help with Barnyard

Am Mit, 2003-04-09 um 16.38 schrieb Gordon Cunningham:

Ralf,

Thanks for responding.  (Just tried recompiling and I'm now getting an
error - undef ref to my_compress - will look into this)

Yes, barnyard was compiled with MySQL support and appears to connect to
MySQL just fine, but always has an undefined output plugin error.
classificaton.config is in the same subdir as the .map files.  I'm

testing

snort 1.9.1 on RedHat 7.3 with latest patches - single NIC at the

moment.

did note the different naming of the output plugin (config file

originally

had alert_acid_db or log_acid_db instead of op_acid_db), but neither

works.

How do I configure the output plugins, or are they supposed to be

automatic?
The plugins are configured using the following lines:
output alert_acid_db: mysql, sensor_id 1, database sensors, server
localhost, user xxxx, password secret
output log_acid_db: mysql, sensor_id 1, database sensors, server
localhost, user xxxx, detail full, password secret

It works fine using my RPM.

# output op_acid_db: mysql, sensor_id 1, database snort, server

localhost,

user XXXX, password XXXX
output op_acid_db: mysql, sensor_id 1, database snort, server localhost,
user XXXX, password XXXX, detail full


Could you send the exact error messages when compiling? Maybe you want
to start with a fresh source. Otherwise try my RPM package
http://www.spenneberg.com/6.html?subject=%2FIDS%2F

Cheers,

Ralf



--
Ralf Spenneberg
RHCE, RHCX

IPsec/PPTP Kernels for Red Hat Linux:
http://www.spenneberg.com/.net/.org/.de
Honeynet Project Mirror:                http://honeynet.spenneberg.org
Snort Mirror:                           http://snort.spenneberg.org

--
Ralf Spenneberg
RHCE, RHCX

IPsec/PPTP Kernels for Red Hat Linux:
http://www.spenneberg.com/.net/.org/.de
Honeynet Project Mirror:                http://honeynet.spenneberg.org
Snort Mirror:                           http://snort.spenneberg.org


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger
for complex code. Debugging C/C++ programs can leave you feeling lost and
disoriented. TotalView can help you find your way. Available on major UNIX
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: OT: Help with Barnyard Ralf Spenneberg (Apr 08)
- RE: OT: Help with Barnyard Gordon Cunningham (Apr 09)
  - RE: OT: Help with Barnyard Ralf Spenneberg (Apr 09)
    - RE: OT: Help with Barnyard Gordon Cunningham (Apr 10)
    - RE: OT: Help with Barnyard Ralf Spenneberg (Apr 10)
    - RE: OT: Help with Barnyard Gordon Cunningham (Apr 10)
    - RE: OT: Help with Barnyard Ralf Spenneberg (Apr 10)
    - RE: OT: Help with Barnyard Gordon Cunningham (Apr 10)
- RE: OT: Help with Barnyard Gordon Cunningham (Apr 09)
- <Possible follow-ups>
- Re: OT: Help with Barnyard Ralf Spenneberg (Apr 10)