Snort mailing list archives

RE: barnyard errors


From: "Scott Renna" <srenna () d-a-s com>
Date: Thu, 17 Jul 2003 17:05:51 -0400

target=NONE
verbose=
x_includes=NONE
...skipping...
  CPPFLAGS="${CPPFLAGS} -DENABLE_MYSQL"



***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

*************************** 

-----Original Message-----
From: Bamm Visscher [mailto:bamm () satx rr com] 
Sent: Thursday, July 17, 2003 4:58 PM
To: Scott Renna
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] barnyard errors


In your 'configure', does your CPP_FLAGS include -DENABLE_MYSQL?

Bammkkkk

On Thu, Jul 17, 2003 at 04:56:12PM -0400, Scott Renna wrote:
Would you recommend I drop the version of mysql back down to 3.23? 
Will that solve the problem in this case ?

Here's what my op_plugbase.c file looks like

#ifdef ENABLE_MYSQL
#include "op_acid_db.h"
#endif
#include "op_alert_csv.h"


/* ----------------------- Global Data --------------------------*/ 
OutputPluginListNode *outputPlugins = NULL;

/* ----------------------- Global Functions --------------------------*/
void LoadOutputPlugins() {
    LogMessage("Loading Built-in Output Plugins...\n");

    AlertFastOpInit();
    AlertSyslogOpInit();
    LogDumpOpInit();
    LogPcapOpInit();
#ifdef ENABLE_MYSQL
    AcidDbOpInit();   /* only compiled in when ENABLE_MYSQL is defined */
#endif
    AlertCSVOpInit();
    return;
}

It's located in the src directory right under barnyard... does it need to be moved elsewhere?


***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

***************************

-----Original Message-----
From: Bamm Visscher [mailto:bamm () satx rr com]
Sent: Thursday, July 17, 2003 4:45 PM
To: Scott Renna
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] barnyard errors


I assume you did this because you are using mysql4?

Sounds like that may be your problem. If ENABLE_MYSQL isn't defined 
correctly, then barnyard won't know op_acid_db exists:

  From op_plugbase.c -
    #ifdef ENABLE_MYSQL
    #include "op_acid_db.h"
    #endif

Bammkkkk


On Thu, Jul 17, 2003 at 04:41:55PM -0400, Scott Renna wrote:
I actually reconfigured barnyard with the --enable-mysql switch. It
wasn't working initially, then someone else on the list recommended I
locate the lines in the configure file and change them from
mysql_connect to my_connect. After that, I was able to run configure
and install it.

Is that the right way to go about this or no?

Should I give it another go?



***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

***************************

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Bamm Visscher
Sent: Thursday, July 17, 2003 4:25 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] barnyard errors


Shot in the dark here, but are you sure mysql was enabled during the
configure and subsequent make? If not, support for the op_acid plugin
may not be there.

Bammkkkk

On Thu, Jul 17, 2003 at 03:51:53PM -0400, Scott Renna wrote:
config hostname: xxxxxx
config interface: dc0
config filter: not port 22

processor dp_alert
processor dp_log
processor dp_stream_stat

output alert_fast
output log_dump

output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root, password xxxxxx
output log_acid_db: mysql, database snort, server localhost, user root, password xxxxx, detail full


I will change the user for database logging from root once it's 
all good and tidy. Am I supposed to have file names following the 
alert_fast and log_dump items?  Initially I had 
/var/log/snort/fast.alert and /var/log/snort/log.dump

Scott


***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

***************************

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Bamm Visscher
Sent: Thursday, July 17, 2003 3:26 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] barnyard errors


Can you please include the uncommented portions of your barnyard.conf.

Bammkkkk

On Thu, Jul 17, 2003 at 03:07:49PM -0400, Scott Renna wrote:
Ok,

So I took a look at the config file and made some changes, but I'm
still running into weird errors when starting barnyard:

-*> Barnyard! <*-
Version 0.1.0 (Build 17)
By Andrew R. Baker (andrewb () snort org)
and Martin Roesch (roesch () sourcefire com, www.snort.org)

Loading Data Processors...
dp_alert loaded
dp_log loaded
dp_stream_stat loaded
Loading Built-in Output Plugins...
Fast Alert plugin initialized
AlertSyslog initialized
Log Dump plugin initialized
LogPcap initialized
AlertCSV initialized
Parsing Config file: /usr/local/etc/barnyard.conf
WARNING /usr/local/etc/barnyard.conf(135) => Unknown output plugin "alert_acid_db" referenced, ignoring!
WARNING /usr/local/etc/barnyard.conf(136) => Unknown output plugin "log_acid_db" referenced, ignoring!
Archive Directory is NULL
Config File =/usr/local/etc/barnyard.conf
Log Dir=/var/log/snort/barnyard/
Spool Dir=/var/log/snort
Spool File=snort.alert
Waldo File=/var/log/snort/waldo.log
Sid File=/usr/local/etc/snort/sid-msg.map
Gen File=/usr/local/etc/snort/gen-msg.map
Hostname=bsdtest
Interface=dc0
Filter=not port 22
Record Number: 0
Log Flag: 1
Verbosity Level=0
File Arg Start: 0
Dry Run mode enabled
commandline: barnyard -c /usr/local/etc/barnyard.conf -f /var/log/snort.log -g /usr/local/etc/snort/gen-msg.map -s /usr/local/etc/snort/sid-msg.map -L /var/log/snort/barnyard/ -w /var/log/snort/waldo.log -R



Here's the weird part, it says the spool file is snort.alert, however,
my command line specifies that the spool file should be /var/log/snort.log

Is there a good site or forum for troubleshooting Barnyard?
Anyone got some ideas?

Scott
***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

***************************



-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single 
machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual 
machines at the same time. Free trial click here: 
http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
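The failure mode Bamm describes (a plugin registered only under #ifdef ENABLE_MYSQL, so a build without -DENABLE_MYSQL never learns the alert_acid_db/log_acid_db keywords and the config parser warns "Unknown output plugin"), as an added illustration that is not barnyard's own code; the registry, RegisterOutputPlugin and ParseOutputLine are hypothetical stand-ins shaped after op_plugbase.c.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical registry in the shape of op_plugbase.c (added illustration,
 * not barnyard's code): an output plugin registered only under
 * #ifdef ENABLE_MYSQL is unknown at config-parse time if the build lacked
 * -DENABLE_MYSQL, which is exactly the "Unknown output plugin" warning. */
typedef struct OutputPluginListNode {
    const char *keyword;
    struct OutputPluginListNode *next;
} OutputPluginListNode;

static OutputPluginListNode nodes[8];
static OutputPluginListNode *outputPlugins = NULL;
static int nodeCount = 0;

static void RegisterOutputPlugin(const char *keyword) {
    nodes[nodeCount].keyword = keyword;
    nodes[nodeCount].next = outputPlugins;
    outputPlugins = &nodes[nodeCount++];
}

/* Mirrors LoadOutputPlugins(): the acid_db keywords exist only when
 * ENABLE_MYSQL was defined at compile time (e.g. via CPPFLAGS). */
void LoadOutputPlugins(void) {
    outputPlugins = NULL; nodeCount = 0;
    RegisterOutputPlugin("alert_fast");
    RegisterOutputPlugin("alert_syslog");
    RegisterOutputPlugin("log_dump");
    RegisterOutputPlugin("log_pcap");
#ifdef ENABLE_MYSQL
    RegisterOutputPlugin("alert_acid_db");
    RegisterOutputPlugin("log_acid_db");
#endif
    RegisterOutputPlugin("alert_csv");
}

/* Checks one "output <keyword>: args" config line. Returns 1 if the keyword
 * is registered, 0 (with a barnyard-style warning) if not, -1 if the line
 * is not an output directive at all. */
int ParseOutputLine(const char *line, int lineno) {
    char keyword[64];
    if (sscanf(line, "output %63[^: \n]", keyword) != 1)
        return -1;
    for (OutputPluginListNode *n = outputPlugins; n; n = n->next)
        if (strcmp(n->keyword, keyword) == 0)
            return 1;
    printf("WARNING barnyard.conf(%d) => Unknown output plugin \"%s\" "
           "referenced, ignoring!\n", lineno, keyword);
    return 0;
}
```

Rebuilding with -DENABLE_MYSQL in CPPFLAGS (the flag the thread is checking for) makes the same config lines parse cleanly, which is the quickest way to confirm the build, not the conf file, is at fault.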