Snort mailing list archives
Re: Barnyard2 startup error: Snort not compiled to use mysql but --with-mysql option invalid
From: Kurt Jensen <kjensencissp () gmail com>
Date: Wed, 24 Apr 2013 16:42:18 -0400
Yes, thanks. We intend to use the barnyard2 piece to feed the data to our mysql; we suspected it was not really snort that needed recompiled as the message said. We have all the packages, libraries, headers etc. and did try running some steps to get all these talking, that is, like this: snort > barnyard2 > mysql > snorby, but clearly, being new to this setup, we must have missed some of these command steps and options.

We tried to find the documentation you mentioned but didn't. Might you have a link or pointer to that? We used the Snort provided Setup Guides and init scripts to get this far but found nothing there on this piece yet. We are completely new to Barnyard2 and anything beyond basic Snort with default logs.

Thanks

Y M <snort () outlook com> wrote:
Snort's support to directly write to a database is no longer an option since Snort 2.9.2, if I recall correctly. Instead, you compile MySQL support with Barnyard2:

    ./configure --with-mysql --with-mysql-libraries=<path to the mysql libs>

In Snort, you would use unified2 as an output plugin to write unified2 logs and have Barnyard2 parse these into the database. In the docs section on Snort's website you will find step by step documentation on how to do that on SuSE, 12.x as well as other OSs.

________________________________
From: Kurt Jensen <mailto:kjensencissp () gmail com>
Sent: 4/24/2013 10:44 PM
To: snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net>
Subject: [Snort-users] Barnyard2 startup error: Snort not compiled to use mysql but --with-mysql option invalid

Hello:

We have a working install of Snort 2.9.4.5 on SuSE 12.2 that logs fine but we need to use Barnyard2 and send this data to mysql. We did not know of any manual steps or added options being required to compile Snort for mysql use with barnyard. When we start barnyard2 for use with Snort, mysql and Snorby we get the "snort not compiled for use with mysql" errors and barnyard2 fatals out. We found some options online for snort compiling that also did not work or:

    ./configure --with-mysql

when trying that option or several versions of it the compile runs to the end but then fails at this step and flags it as an invalid option. Can anyone tell us what the correct command and options are please to compile Snort and Barnyard to use mysql?

Thanks!

James Lay <jlay () slave-tothe-box net> wrote:

On 2013-04-24 09:52, John Ainsworth wrote:

Hi, I'm pulling my hair out on this problem. I have installed Snort on Ubuntu 12.04, 2 nics: eth0 used for management, eth1 is receiving traffic that is coming into our firewall via SPAN on the switch

0 byte u2 files mean no alerts happened.
Have you set something like:

    output alert_fast: snortalert.fast

in your snort.conf to verify that you're getting alerts at all?

James
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
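The split Y M describes in the quoted reply (Snort only writes unified2 files, Barnyard2 owns the MySQL connection), as an added example that is not part of the original thread: a small shell check that lints a snort.conf / barnyard2.conf pair for that layout. The file names, credentials and sample config lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint the Snort -> Barnyard2 -> MySQL split.

# Print the active (non-comment) "output ..." lines of a config file.
active_outputs() {
    grep -E '^[[:space:]]*output[[:space:]]+' "$1" 2>/dev/null
}

# $1 = snort.conf, $2 = barnyard2.conf. One line per finding; returns 0 when clean.
check_pipeline() {
    rc=0
    if active_outputs "$1" | grep -Eq 'output[[:space:]]+database'; then
        echo "snort.conf: 'output database' is set; move it to barnyard2.conf"
        rc=1
    fi
    if ! active_outputs "$1" | grep -Eq 'output[[:space:]]+unified2'; then
        echo "snort.conf: no 'output unified2' line, Barnyard2 has nothing to read"
        rc=1
    fi
    if ! active_outputs "$2" | grep -Eq 'output[[:space:]]+database:.*mysql'; then
        echo "barnyard2.conf: no 'output database: ..., mysql, ...' line"
        rc=1
    fi
    return $rc
}

# Constructed sample configs (placeholder credentials), written into directory $1.
write_samples() {
    cat > "$1/snort-old.conf" <<'EOF'
# constructed: Snort asked to write to MySQL itself
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
EOF
    cat > "$1/snort-new.conf" <<'EOF'
# constructed: Snort only writes unified2 files
output unified2: filename snort.u2, limit 128
EOF
    cat > "$1/barnyard2.conf" <<'EOF'
# constructed: Barnyard2 owns the database connection
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
EOF
}

demo=$(mktemp -d) && write_samples "$demo"
check_pipeline "$demo/snort-old.conf" "$demo/barnyard2.conf" || echo "fix the findings above"
check_pipeline "$demo/snort-new.conf" "$demo/barnyard2.conf" && echo "pipeline config OK"
```

The check only reads configuration; whether the installed barnyard2 binary was actually built with `--with-mysql` still has to be confirmed at build time.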