Snort mailing list archives

Re: Barnyard


From: "John Creegan" <jcreegan () questarweb com>
Date: Thu, 09 Oct 2003 09:29:33 -0500

I'm missing library files, and am trying to find what provides them one
by one. It's taking a frustratingly long time, especially since I seem
to be an interruption magnet today.  Still running snort 2.01 as well.

I'm also working with Jeff Nathan, who generously sent me an executable
he compiled, but

Jeff:  I'm missing libmysqlclient.so.10. It's not anywhere on my
system.

Thanks for all the help so far, please keep it coming!



"Steven Rudolph" <srudolph () iocenter net> 10/09/03 08:50AM >>>
John,
I had a working implementation of this a few weeks ago - Solaris 8 on an
Ultra 5.
I did not see much performance improvement with about 10Mb of traffic.
My setup is distributed, so I compiled MySQL with --client-only on the
Snort machine.

Snort 2.0.2 configure:
./configure --with-mysql=/usr/local/mysql \
    --with-libpcap-libraries=/usr/src/libpcap-0.7.1 \
    --with-libpcap-includes=/usr/src/libpcap-0.7.1 --enable-flexresp

Barnyard configure:
./configure --enable-mysql \
    --with-mysql-includes=/usr/local/mysql/include/mysql \
    --with-mysql-libraries=/usr/local/mysql/lib/mysql

barnyard runtime command:
-a /var/log/snort/archive -c /etc/barnyard.conf -f /var/log/snortunified
-g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -w /var/log/snort/waldo
-L /var/log/snort/barn.log

Change the output configuration in Snort to unified, and start Snort.
Second, start Barnyard.

Steve

-----Original Message-----
From: John Creegan [mailto:jcreegan () questarweb com] 
Sent: Wednesday, October 08, 2003 11:47 AM
To: snort-users () lists sourceforge net 
Subject: [Snort-users] Barnyard


I've tried everything I can find in the archives.  Still no luck.

There was a fairly extensive conversation between Jeff Nathan and Scott
Renna in which Jeff suggests making changes to the configure.in file.

I did that, but aclocal is to be a directory on my system (or maybe an
alias on Jeff's machine), autoheader worked, I don't have automake,
autoconf I do have, and did work, but since I missed the autoconf step,
that was just a test anyway.

And after all that I did a systemwide file search and I don't have any
file related to mysql and connect anywhere on my system.

Has anyone gotten Barnyard to work with mysql 4 and Solaris 8 WITHOUT
having to kill all the tests as John Byrnes (thanks for the sympathy!)
did?

John:  have you seen any problems with Barnyard with the way you
compiled it, and is there any chance you still have that script (hope,
hope, hope... :-)

I have plans to minimize and harden the system, but I have not done any
of that yet, so this is still the basic Solaris install on a Sparc
Ultra 5.





-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects. See the people
who have HELPED US provide better services: Click here:
http://sourceforge.net/supporters.php 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
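
Added example, not part of the thread and not code from any participant: a way to list every shared library a prebuilt binary cannot resolve in one pass, which is the failure reported above for libmysqlclient.so.10. The function names and the sample ldd output are constructed for illustration; the parser accepts both the Linux ("not found") and Solaris ("(file not found)") forms of ldd output.

```shell
#!/bin/sh
# Added example. Reports shared libraries that the runtime linker cannot
# resolve for a binary, so they can be fixed together rather than one by one.

# missing_libs: read ldd-style output on stdin and print one unresolved
# library name per line. Matches the Linux form
#   libfoo.so.1 => not found
# and the Solaris form
#   libfoo.so.1 =>   (file not found)
missing_libs() {
    awk '/not found/ { print $1 }' | sort -u
}

# check_binary: run ldd on a binary. Returns 0 if everything resolves,
# 1 if any library is unresolved (names go to stderr), 2 if the file
# does not exist.
check_binary() {
    bin=$1
    [ -f "$bin" ] || { echo "no such file: $bin" >&2; return 2; }
    missing=$(ldd "$bin" 2>/dev/null | missing_libs)
    if [ -n "$missing" ]; then
        echo "$bin: unresolved shared libraries:" >&2
        echo "$missing" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Constructed sample of Solaris-style ldd output for a prebuilt binary.
SAMPLE_LDD='    libmysqlclient.so.10 =>  (file not found)
    libsocket.so.1 =>    /usr/lib/libsocket.so.1
    libnsl.so.1 =>   /usr/lib/libnsl.so.1
    libc.so.1 =>     /usr/lib/libc.so.1'

# sample_missing: run the parser over the constructed sample.
sample_missing() {
    printf '%s\n' "$SAMPLE_LDD" | missing_libs
}

# When given a path argument, check that binary.
if [ $# -gt 0 ]; then check_binary "$1"; fi
```

Run it with the path to the binary as the only argument; an exit status of 1 means at least one library is unresolved.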



