Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user

[Kurt Jensen <technicalfriend () yahoo com>]

Hi thanks for your replies YM (and others) my apologies where I did not notice who was who in the thread.

On MySQl libraries and headers in SuSE 12 it is all there yes and MYSql runs but if it matters it is the "community" 
version.  

Snorby also added and configured a database there and we can access it, that seems good.  Yet we are still a bit lost 
on the rest like which config file to edit for Barnyard2 to use our MYSql and the default Snort 2945 unified output.  
(For all I can tell unified was built-in with Snort already).  

I guess we are not finding the right documents but not sure why.  In the latest Barnyard docs with the download the 
info in the database readme still directs us to setting snort configs there but it seems this task belongs in Barnyard 
in folders it provided, not in Snort am I right?  As far as online we have not been finding any better docs.  Is there 
a Barnyard repository of docs we are missing?  I guess our being newbies at this one has beaten us.   

We did re-pull barnyard2 down again via git hub instead and reistalled using the documented commands you sent and the 
shorter one worked.  If we need to we can rerun it using the longer command.  

on ldconfig use with the command you gave us we used but that was when ldconfig errored out wanting all those 
"graphviz" (some app Snorby gems needed) pieces.  Once we got those loaded it appears ldconfig got mysql too, but some 
keyring and security cert piece missing but I dont think those relate.

Kurt

 

Y M <snort () outlook com> wrote:

> Correction, sorry for the noise.
>
> From: snort () outlook com
> To: technicalfriend () yahoo com; snort-users () lists sourceforge net; barnyard2-users () googlegroups com
> Date: Mon, 29 Apr 2013 15:00:29 +0000
> Subject: Re: [Snort-users] Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" 
> message followup - 1st time barnyard user
>
>
>
>
> inline.
>
> From: technicalfriend () yahoo com
> To: snort-users () lists sourceforge net; barnyard2-users () googlegroups com
> Date: Thu, 25 Apr 2013 11:38:38 -0400
> Subject: [Snort-users] Barnyard2 configure/compile problems and startup        error: "Snort not compiled to use 
> mysql" message followup -     1st time barnyard user
>
> Hi this is a follow-up after trying some of the steps recommended from the other day to get my first build of Barnyard 
> working with Snort so  we can write Snort output to mysql, as a Snorby sensor.  There is a little progress but sadly 
> Barnyard2 is still not working, here is where we are now: Joel said “Snort's support to directly write to a database 
> is no longer an option since Snort 2.9.2, if I recall correctly.” 
> Joel did not say that, I did. Joel simply corrected me with which version.
> We definitely agree and had read and expected that, however when we tried to build Barnyard2 the error message 
> Barnyard gave us then said “Snort was not compiled to use mysql” and directed us to some steps to try and do that, so 
> it appears that message needs updated, so we got off-track a little while with that, fyi.  We had started trying the 
> –with-mysql option with barnyard instead, leading to the following:
>
> “Instead, you compile MySQL support with Barnyard2:
>
> ./configure --with-mysql --with-mysql-libraries=<path to the mysql libs>
> Thats also me; the two lines above. Another user in the list corrected me that you may not necessarily need to use 
> --with-my-sql-libraries, if your MySQL libraries are already in the dynamic libraries path.
>
> In Snort, you would use unified2 as an output plugin to write unified2 logs and have Barnyard2 parse these into the 
> database. In the docs section on Snort's website you will find step by step documentation on how to do that on SuSE, 
> 12.x as well as other OSs.”
> Again, the above two lines are also me.
> QUESTION:  Is “unified” required also to do this?  We had not seen that one listed and have not added, it seemed like 
> all we needed was what was listed under the Snort requirements and Barnyard (knowing we had added mysql with –dev 
> libraries/header files..?  Sorry we are a bit lost with the big picture of this larger process, there have been lots 
> and lots of packages to go back and add.
> Which output plugin are you using in your snort.conf file? If you use the unified2 output plugin in snort.conf, snort 
> will generate unified2 logs and store them in log directory you setup, or the default, during installation. Barnyard2 
> will parse the unified2 logs and store the data into the database Also we followed this one other recommendation sent 
> over:  “Then you will need to make sure you have installed mysql client libraries and headers (this is generaly 
> mysql-dev package on most distro). From there you will need to make sure your mysql libraries are in your libaries 
> dynamic path. ex: ldconfig -v | grep mysql”   Our results here seem mixed, we are not sure it worked.  When first 
> trying it we had a lot of “graphviz” objects that it could not find.  We had graphviz and its dev headers but we went 
> ahead and added all those objects, and it found mysql but there were keyring and some other items ldconfig had trouble 
> with – we are not sure how any of these applied or mattered, not using?  We just wanted to send Snort log data over to 
> mysql so Snorby could read it, lost?  Our team at the college appreciates your help.   I plan on making sure our 
> entire process and all these requirements are documented when all this is done, there has been so many steps.  I am 
> not sure I completely understand whats said above, what is "graphviz"?
> ------------------------------------------------------------------------------
> Try New Relic Now & We'll Send You this Cool Shirt
> New Relic is the only SaaS-based application performance monitoring service 
> that delivers powerful full stack analytics. Optimize and monitor your
> browser, app, & servers with just a few lines of code. Try New Relic
> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!                                       
>  
>
> ------------------------------------------------------------------------------
> Try New Relic Now & We'll Send You this Cool Shirt
> New Relic is the only SaaS-based application performance monitoring service 
> that delivers powerful full stack analytics. Optimize and monitor your
> browser, app, & servers with just a few lines of code. Try New Relic
> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!                                       
>  
> ------------------------------------------------------------------------------
> Try New Relic Now & We'll Send You this Cool Shirt
> New Relic is the only SaaS-based application performance monitoring service 
> that delivers powerful full stack analytics. Optimize and monitor your
> browser, app, & servers with just a few lines of code. Try New Relic
> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!