Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue

[Jeremy Hoel <jthoel () gmail com>]

That's odd.  We build regular boxes all the time, and i just did a few
of the new snort builds and they didn't have any sql as part of the
build

'./configure --enable-zlib --enable-reload
--with-daq_includes=/usr/local/include
--with-daq_libraries=/usr/local/lib --enable-perfprofiling
--enable-ppm --enable-static-daq'

and then we build barnyard with the sql bit './configure --with-mysql
--with-mysql-libraries=/usr/lib64/mysql --with-tcl=/usr/lib64'

You are doing your own barnyard compile right?  I noticed you use
mssql.. i don't have any experiance with that part, but it should be
close to the same.

have you tried building barnyard again?

Looking at the barnyard source, this does seem like a barnyard error

src/output-plugins/spo_database.c:            ErrorMessage("database:
'%s' support is not compiled into this build of snort\n\n", type);


On Thu, Aug 30, 2012 at 6:00 PM, Eric Biederman
<Eric.Biederman () mrsassociates com> wrote:
> My start script. /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d
> /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo
>
>
>
>
>
> Running in Continuous mode
>
>
>
>         --== Initializing Barnyard2 ==--
>
> Initializing Input Plugins!
>
> Initializing Output Plugins!
>
> Parsing config file "/etc/snort/barnyard2.conf"
>
> Log directory = /var/log/barnyard2
>
> database: 'mssql' support is not compiled into this build of snort
>
>
>
> ERROR: If this build of snort was obtained as a binary distribution (e.g.,
> rpm,
>
> or Windows), then check for alternate builds that contains the necessary
>
> 'mssql' support.
>
>
>
> If this build of snort was compiled by you, then re-run the
>
> the ./configure script using the '--with-mssql' switch.
>
> For non-standard installations of a database, the '--with-mssql=DIR'
>
> syntax may need to be used to specify the base directory of the DB install.
>
>
>
> See the database documentation for cursory details (doc/README.database).
>
> and the URL to the most recent database plugin documentation.
>
> Fatal Error, Quitting..
>
>
>
>
>
>
>
> From: Jeremy Hoel [mailto:jthoel () gmail com]
> Sent: Thursday, August 30, 2012 1:58 PM
> To: Eric Biederman
> Subject: Re: [Snort-users] Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue
>
>
>
> Can you copy and paste the exact error.. I'm willing to bet its barnyard2
> that was compiled without the MySQL libraries.
>
> On Aug 30, 2012 1:45 PM, "Eric Biederman" <Eric.Biederman () mrsassociates com>
> wrote:
>
> I am having a problem where when I try to start my Barnyard2 system I am
> getting notified that my version of snort was not configured with mysql
> support and to recompile with this support. My understanding is that Snort
> 2.9.3.1 no longer handles mysql and leaves it to 3rd parties to deal with.
>
> My snort install runs fine to logs and I can start Barnyard without the
> mysql call with no apparent problems but once I add the mysql output back
> into my barnyard.conf file I am unable to start it
>
>
>
> CentOS6.2
>
> Snort-2.9.3.1
>
> BarnYard2 – 2.1.9
>
>
>
> This is my first pass at implementing this configuration to replace a
> windows based snort and MSSQL system.  I missing something easy?
>
>
>
> Thank you
>
> Eric
>
>
>
>
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and delete
> this e-mail from your system. If you are not the intended recipient you are
> notified that disclosing, copying, distributing or taking any action in
> reliance on the contents of this information is strictly prohibited.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and delete
> this e-mail from your system. If you are not the intended recipient you are
> notified that disclosing, copying, distributing or taking any action in
> reliance on the contents of this information is strictly prohibited.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!