Snort mailing list archives

Making zero headway with barnyard


From: Michael Miller <michael.miller () state co us>
Date: Thu, 18 Mar 2004 15:23:13 -0700

(see bottom of email for germane configs)

I've got a snort system up and running with Mysql and ACID on a Suse 8.2
box, all compiled from code, all works as advertised.

I can't get Barnyard to work...at all. Can you see anything obvious I'm
missing?

===============Details===================
I've built Snort with './configure --with-mysql=/usr/local/mysql' and it
generates a makefile with mysql support just fine.

I've built Barnyard (both 0.1.0 and 0.2.0) using './configure --with-mysql'
and see no output referencing MySql. 

The snort.conf on the sensor is writing unified alert and log files. The
command to run snort is: '-c /home/ids/rules/snort.conf -l /home/ids/logs -D
-i eth1'

I've FINALLY got barnyard to stop complaining about bad magic numbers by
removing the -Xbed flags.

I can't get Barnyard to generate ANY outputs; it gives 'Unknown output
plugin "XXX" referenced, ignoring!' where XXX = log_acid_db, log_dump,
log_pcap or alert_acid_db.

I'm calling barnyard with: barnyard -c /etc/snort/barnyard.ids3.conf -d
/home/idsdb/logs/ids3 -f snort.log -R

The relevant part of the sensor's snort.conf is:
===========
## Output Modules
## --------------
#output database: log, mysql, dbname=db user=root host=localhost password=test
#output log_tcpdump: tcpdump.log
output log_unified: filename snort.log, limit 128
#
#output alert_syslog: LOG_AUTH LOG_ALERT
output alert_unified: filename snort.alert, limit 128
============

The relevant part of barnyard.ids3.conf is:
============
# acid_db
#-------------------------------
# Available as both a log and alert output plugin.  Used to output data into
# the db schema used by ACID
# Arguments:
#      $db_flavor           - what flavor of database (ie, mysql)
#      sensor_id $sensor_id - integer sensor id to insert data as
#      database $database   - name of the database
#      server $server       - server the database is located on
#      user $user           - username to connect to the database as
#      password $password   - password for database authentication
# output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root
# output log_acid_db: mysql, database snort, server localhost, user root, detail full

#output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user snortuser, password snortpassword
output log_acid_db: mysql, database snort, server localhost, user snortuser, password snortuser, detail full


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
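The "bad magic numbers" complaint in the post above is barnyard rejecting the first four bytes of the file it was handed, and the first thing to check when that happens is what those bytes actually are. The following is an added example, not code from this post or from the Snort or barnyard projects: a small Python reader that identifies a unified file by its magic, tells an alert_unified file from a log_unified one, and decodes the alert records. The two magic values are the ones Snort 2.x uses (ALERT_MAGIC 0xDEAD4137, LOG_MAGIC 0xDEAD1080); the header and record layouts, the 32-bit struct timeval and the sensor-native byte order are assumptions taken from the Snort 2.x unified structs, and the sample file is constructed inline rather than captured from a sensor.

```python
"""Identify and decode Snort 2.x unified alert files (added example).

Assumptions (labelled, not from the original post): record layouts follow
the Snort 2.x spo_unified.h structs as written on a 32-bit sensor, i.e.
native byte order, no padding, and an 8-byte struct timeval.
"""
import socket
import struct
import sys

ALERT_MAGIC = 0xDEAD4137   # Snort unified alert file (output alert_unified)
LOG_MAGIC = 0xDEAD1080     # Snort unified log file (output log_unified)

# Assumed file headers. The alert header is four u32s; the log header
# mirrors a pcap file header (magic, major, minor, tz, sigfigs, snaplen, linktype).
ALERT_FILE_HDR = "IIII"
LOG_FILE_HDR = "IHHIIII"

# Assumed UnifiedAlert record: Event (7 x u32 + ref_time timeval), then
# ts timeval, sip, dip (raw network-order bytes), sp, dp, protocol, flags.
ALERT_RECORD = "IIIIIII" "II" "II" "4s4s" "HH" "II"
ALERT_FIELDS = ("sig_generator", "sig_id", "sig_rev", "classification",
                "priority", "event_id", "event_reference",
                "ref_sec", "ref_usec", "ts_sec", "ts_usec",
                "sip", "dip", "sp", "dp", "protocol", "flags")


def identify_unified(data):
    """Return (kind, byte_order) from the magic number.

    kind is 'alert' or 'log'; byte_order is '<' or '>' in struct notation.
    Anything else raises ValueError, which is the 'bad magic number' case:
    the file is not the kind the reader was configured for.
    """
    if len(data) < 4:
        raise ValueError("file too short to hold a unified magic number")
    for order in ("<", ">"):
        magic = struct.unpack(order + "I", data[:4])[0]
        if magic == ALERT_MAGIC:
            return "alert", order
        if magic == LOG_MAGIC:
            return "log", order
    raise ValueError("bad magic number 0x%08x" % struct.unpack("<I", data[:4])[0])


def parse_alert_file(data):
    """Decode the header and every complete record of a unified alert file."""
    kind, order = identify_unified(data)
    if kind != "alert":
        raise ValueError("not a unified alert file (magic says %s)" % kind)
    hdr_size = struct.calcsize(order + ALERT_FILE_HDR)
    magic, major, minor, tz = struct.unpack(order + ALERT_FILE_HDR, data[:hdr_size])
    header = {"magic": magic, "version": (major, minor),
              "timezone": tz, "byte_order": order}
    rec_size = struct.calcsize(order + ALERT_RECORD)
    records = []
    offset = hdr_size
    while offset + rec_size <= len(data):     # ignore a trailing partial write
        values = struct.unpack(order + ALERT_RECORD, data[offset:offset + rec_size])
        rec = dict(zip(ALERT_FIELDS, values))
        rec["src"] = socket.inet_ntoa(rec["sip"])   # addresses stay in wire order
        rec["dst"] = socket.inet_ntoa(rec["dip"])
        records.append(rec)
        offset += rec_size
    return {"header": header, "records": records}


def build_sample_alert_file(order="<"):
    """Constructed sample: one alert header plus one record (sid 1000001)."""
    header = struct.pack(order + ALERT_FILE_HDR, ALERT_MAGIC, 1, 2, 0)
    record = struct.pack(order + ALERT_RECORD,
                         1, 1000001, 1, 3, 2, 1, 1,      # Event fields
                         1079648593, 0,                  # ref_time
                         1079648593, 0,                  # ts
                         socket.inet_aton("10.0.0.5"),
                         socket.inet_aton("192.168.1.10"),
                         4321, 80, 6, 0)                 # sp, dp, proto, flags
    return header + record


def build_sample_log_header(order="<"):
    """Constructed sample: just the header of a unified log (packet) file."""
    return struct.pack(order + LOG_FILE_HDR, LOG_MAGIC, 1, 2, 0, 0, 1514, 1)


if __name__ == "__main__":
    # Usage: python unified_check.py /home/ids/logs/snort.alert.<timestamp>
    with open(sys.argv[1], "rb") as f:
        blob = f.read()
    kind, order = identify_unified(blob)
    print("%s: unified %s file, byte order %s" % (sys.argv[1], kind, order))
    if kind == "alert":
        for r in parse_alert_file(blob)["records"]:
            print("gen %d sid %d rev %d  %s:%d -> %s:%d proto %d" % (
                r["sig_generator"], r["sig_id"], r["sig_rev"],
                r["src"], r["sp"], r["dst"], r["dp"], r["protocol"]))
```

Run it against the snort.alert.* and snort.log.* files barnyard is being pointed at: a file whose magic decodes as "log" will never satisfy an alert reader, and a file with neither magic is not unified output at all, whatever its name says.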