Re: Response 1: Barnyard trouble acid_db

[Paul Schmehl <pauls () utdallas edu>]

--On Thursday, February 23, 2006 15:34:55 -0500 "Jacob, Raymond A Jr" 
<raymond.jacob () navy mil> wrote:
> I believe I downloaded the packages from
> ftp.bsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/All/barnyard-0.2.
> 0.tbz  48303 Oct 12 13:36 and
> ftp.bsd.org/pub/FreeBSD/ports/i386/packages-6-stable/All/barnyard-0.2.0.t
> bz     48329 Feb 12 11:43
>
> I tried both packages and they could not find the acid_db plugin.
Thanks.  I'll d/l them and try to figure out what's going on.

> Next I took your suggestion and cd to /usr/ports/security/barnyard/
> and ran make install.
>
> ports kept trying to fetch mysq-client-4.13.tar.gz from alot of strange
> places.
The port Makefile assumes that bsd.ports.mk will make the decision about 
what version of mysql-client to use.

> I am thinking because I have not run cvsup yet  that
> the ports tree is out of date. I can not run cvsup until after hours and
> I forgot to run it last night.

Definitely cvsup first.

> Next:
> I downloaded the package:
>  ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/databases/my
> sql-client-4.1.13.tbz
>
> then ran pkg_add -f mysql-client-4.1.13.tbz. I had already installed
> mysql-client-4.1.16_1 to get snort to send alerts to the mysql database
> before I decided to try barnyard. so I had to force the install of
> mysql-client-4.1.13.tbz.
>
> I don't know why barnyard requires mysql-client-4.1.13 and did not use
> mysql-client-4.1.16_1 in /var/db.

It most likely has to do with when the pkg was built.  That's why I never 
use packages.

> I typed: cd
> /usr/ports/security/barnyard,ran make, make install, and clean. I ran
> barnyard.I did not get mysql errors anymore that I had with version that
> I downloaded from www.snort.org/dl/barnyard and barnyard is attempting to
> contact the mysql database.
>
> A few questions if I may:
> Question1: It is my understanding one can have more than one instance of
> barnyard running.

Yes, this is true.

>  Does each barnyard require its own unifed log/alert
> file or can multiple barnyard processes share the same output file?

I don't believe they can share the same output file.  I'm not certain about 
that, though.  (I'm also not sure why you would want to do that.)

> Question2: How do I turn the /doc/USAGE file into a man page?

You don't, unless you know a utility that will convert text files into man 
pages.

> Question3: Where is the MASTER_SITE info kept for mysql? I would like to
> speed up install when I do this on another box instead of typing
> make MASTER_SITE_OVERIDE
> =ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/databases/
> in the /usr/ports/database/mysql41-client directory.
They're defined in /usr/ports/Mk/bsd.sites.mk.  Search for 
MASTER_SITE_MYSQL in the file.  The list is immediately below that.  If 
there's a site that's not working, please let the folks at FreeBSD know so 
they can fix or remove it.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users