Snort mailing list archives

Re: More ACID BASE Help

From: Shaun Marlin <shaun.marlin () canalta com>
Date: Thu, 16 May 2013 20:41:02 +0000

Ok, so I did that and now I am getting this error.

**********************************************
  ERROR: unable to find mysqlclient library (libmysqlclient.*)
  checked in the following places
        /usr/lib64/mysql
        /usr/lib64/mysql/lib
        /usr/lib64/mysql/mysql
        /usr/lib64/mysql/mysql/lib
        /usr/lib64/mysql/lib/mysql
**********************************************
Where can I go to redownload libmysqlclient from?
From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 2:21 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

You do see the error right?  that needs to be fixed.

Is this a 64 bit machine?

If so you need to run config and point to the library..

./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql

or whereever it is at..



On Thu, May 16, 2013 at 1:54 PM, Shaun Marlin <shaun.marlin () canalta com<mailto:shaun.marlin () canalta com>> wrote:
This is what I installed in order to prep the OS for this project

apt-get update && apt-get -y install apache2 apache2-doc autoconf automake bison ca-certificates ethtool flex g++ gcc 
gcc-4.4 libapache2-modphp5 libcrypt-ssleay-perl libmysqlclient-dev libnet1 libnet1-dev libpcre3 libpcre3-dev 
libphp-adodb libssl-dev libtool libwww-perl make mysqlclient mysql-common mysql-server ntp php5-cli php5-gd php5-mysql 
php-pear sendmail sysstat usbmount vim

From: Jeremy Hoel [mailto:jthoel () gmail com<mailto:jthoel () gmail com>]
Sent: Thursday, May 16, 2013 1:51 PM

To: Shaun Marlin
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] More ACID BASE Help

Ok.. so then it didn't work the first time either..  Notice these errors.

**********************************************
  ERROR: unable to find mysqlclient library (libmysqlclient.*)
  checked in the following places
        /usr
        /usr/lib
        /usr/mysql
        /usr/mysql/lib
        /usr/lib/mysql
        /usr/local
        /usr/local/lib
        /usr/local/mysql
        /usr/local/mysql/lib
        /usr/local/lib/mysql
**********************************************


Do you have mysql-devel type packages installed?  to provide libmysqlclient?



On Thu, May 16, 2013 at 1:44 PM, Shaun Marlin <shaun.marlin () canalta com<mailto:shaun.marlin () canalta com>> wrote:
Ok this is what I got when I ran the install again

root@SENTRY:/usr/src/barnyard2-master# ./configure --with-mysql && make && make install
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking how to print strings... printf
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... none
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert i686-pc-linux-gnu file names to i686-pc-linux-gnu format... func_convert_file_noop
checking how to convert i686-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc option to accept ISO C99... -std=gnu99
checking for gcc -std=gnu99 option to accept ISO Standard C... (cached) -std=gnu99
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking dependency style of gcc... (cached) none
checking whether byte ordering is bigendian... no
checking for bison... bison
checking for flex... flex
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking sys/sockio.h usability... no
checking sys/sockio.h presence... no
checking for sys/sockio.h... no
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking for inttypes.h... (cached) yes
checking wchar.h usability... yes
checking wchar.h presence... yes
checking for wchar.h... yes
checking math.h usability... yes
checking math.h presence... yes
checking for math.h... yes
checking for floor in -lm... yes
checking for ceil in -lm... yes
checking for inet_ntoa in -lnsl... yes
checking for socket in -lsocket... no
checking whether printf must be declared... no
checking whether fprintf must be declared... no
checking whether syslog must be declared... no
checking whether puts must be declared... no
checking whether fputs must be declared... no
checking whether fputc must be declared... no
checking whether fopen must be declared... no
checking whether fclose must be declared... no
checking whether fwrite must be declared... no
checking whether fflush must be declared... no
checking whether getopt must be declared... no
checking whether bzero must be declared... no
checking whether bcopy must be declared... no
checking whether memset must be declared... no
checking whether strtol must be declared... no
checking whether strcasecmp must be declared... no
checking whether strncasecmp must be declared... no
checking whether strerror must be declared... no
checking whether perror must be declared... no
checking whether socket must be declared... no
checking whether sendto must be declared... no
checking whether vsnprintf must be declared... no
checking whether snprintf must be declared... no
checking whether strtoul must be declared... no
checking for snprintf... yes
checking for strlcpy... no
checking for strlcat... no
checking for strerror... yes
checking for vswprintf... yes
checking for wprintf... yes
checking size of char... 1
checking size of short... 2
checking size of int... 4
checking size of long int... 4
checking size of long long int... 8
checking size of unsigned int... 4
checking size of unsigned long int... 4
checking size of unsigned long long int... 8
checking for u_int8_t... yes
checking for u_int16_t... yes
checking for u_int32_t... yes
checking for u_int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for INADDR_NONE... yes
checking for __FUNCTION__... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_datalink in -lpcap... yes
checking for sparc... no
checking for mysql...

**********************************************
  ERROR: unable to find mysqlclient library (libmysqlclient.*)
  checked in the following places
        /usr
        /usr/lib
        /usr/mysql
        /usr/mysql/lib
        /usr/lib/mysql
        /usr/local
        /usr/local/lib
        /usr/local/mysql
        /usr/local/mysql/lib
        /usr/local/lib/mysql
**********************************************

From: Jeremy Hoel [mailto:jthoel () gmail com<mailto:jthoel () gmail com>]
Sent: Thursday, May 16, 2013 1:30 PM

To: Shaun Marlin
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] More ACID BASE Help

Well, if locatedb is installed I like this 'updatedb' and 'locate barnyard2 | grep bin''  and that would be a good 
starting place.

But you could also back to the /usr/src/barnyard2* directory and run 'sudo make install' or 'make install' as root and 
look at the output.
On Thu, May 16, 2013 at 1:27 PM, Shaun Marlin <shaun.marlin () canalta com<mailto:shaun.marlin () canalta com>> wrote:
What would be the best command to run to find out where it was put.  I didn't see anything while doing the install 
about where it would put the barnyard2 bin file

From: Jeremy Hoel [mailto:jthoel () gmail com<mailto:jthoel () gmail com>]
Sent: Thursday, May 16, 2013 1:19 PM

To: Shaun Marlin
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] More ACID BASE Help

It won't be in a directory.. it should just be a bin by itself.

When you build from source, if you do 'make install' as root or as sudo , it should but the binary somewhere, normally 
/usr/local/bin
On Thu, May 16, 2013 at 1:17 PM, Shaun Marlin <shaun.marlin () canalta com<mailto:shaun.marlin () canalta com>> wrote:
No there is no barnyard2 binary in /usr/local/bin

I to find the file, but was not able to find a barnyard2 directory.

From: Jeremy Hoel [mailto:jthoel () gmail com<mailto:jthoel () gmail com>]
Sent: Wednesday, May 15, 2013 10:05 PM
To: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>

Subject: Re: [Snort-users] More ACID BASE Help

Is there a barnyard2 binary in /usr/local/bin?

when you did make install in the /usr/src/barnyard2 directory was there any errors?

Have you tried an 'updatedb' and 'locate barnyard2 | grep bin'

Also - please keep replies to the list so that others may learn or help.

Thanks!
On Thu, May 16, 2013 at 3:35 AM, Shaun Marlin <shaun.marlin () canalta com<mailto:shaun.marlin () canalta com>> wrote:
Now that I have that in place, I have tried to run snort and barnyard using


Now start snort and barnyard with these commands:

# /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 &

# /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G 
/etc/snort/gen-msg.map -S

/etc/snort/sid-msg.map -C /etc/snort/classification.config &



But when I run the second command I get



root@######:/usr/src<mailto:root@#%23%23%23%23%23:/usr/src># /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d 
/var/log/snort -f snort.log /etc/snort/sid-msg.map -C /etc/snort/classification.config &
[2] 350
root@######:/usr/src<mailto:root@#%23%23%23%23%23:/usr/src># -bash: /usr/local/bin/barnyard2: No such file or directory



________________________________
From: Jeremy Hoel [jthoel () gmail com<mailto:jthoel () gmail com>]
Sent: Wednesday, May 15, 2013 8:42 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] More ACID BASE Help
Look in the barnyard2-* folder in /usr/src; there should a folder called etc and in there is the default barnyard2.conf


you could run 'mv etc/barnyard2.conf /etc/snort'


On Thu, May 16, 2013 at 2:21 AM, Shaun Marlin <shaun.marlin () canalta com<mailto:shaun.marlin () canalta com>> wrote:
Hi there again,

So I was directed to use this document http://s3.amazonaws.com/snort-org/www/assets/167/deb_snort_howto.pdf, which to 
its credit has worked well so far.  Right now I am stumped on this section.

4. Install & configure Barnyard2
# cd /usr/src && wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
# tar -zxf master.tar.gz && cd barnyard2-*
# autoreconf -fvi -I ./m4 && ./configure --with-mysql && make && make install
# mv /usr/local/etc/barnyard2.conf /etc/snort
# cp schemas/create_mysql /usr/src

When I run the command
mv /usr/local/etc/barnyard2.conf /etc/snort

I get the following error
root@#####:/usr/src/barnyard2-master# mv /usr/local/etc/barnyard2.conf /etc/snort
mv: cannot stat `/usr/local/etc/barnyard2.conf': No such file or directory

I looked in that folder and there was no barnyard2.conf file at all.

Other than that it is going fine

Can someone tell my why I can't find barnyard2.conf, or better yet where it is located when installed on Debian 7?

Thanks
-Shaun


Shaun Marlin
Network Administrator

[cid:image001.jpg@01CE5243.6334E360]
Canalta Family of Companies


2109 - 545 Highway 10 East
Drumheller AB Canada T0J 0Y0
PHONE: (403) 820-3865<tel:%28403%29%20820-3865>
CELL:     (403) 334-1313<tel:%28403%29%20334-1313>


EMAIL:   shaun.marlin () canalta com<mailto:shaun.marlin () canalta com>
WEB:      www.canalta.com<http://www.canalta.com>







------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: More ACID BASE Help, (continued)
- Re: More ACID BASE Help Jeremy Hoel (May 15)
  - Message not available
    - Re: More ACID BASE Help Jeremy Hoel (May 15)
    - Re: More ACID BASE Help Shaun Marlin (May 16)
    - Re: More ACID BASE Help Jeremy Hoel (May 16)
    - Re: More ACID BASE Help Shaun Marlin (May 16)
    - Re: More ACID BASE Help Jeremy Hoel (May 16)
    - Re: More ACID BASE Help Shaun Marlin (May 16)
    - Re: More ACID BASE Help Jeremy Hoel (May 16)
    - Re: More ACID BASE Help Shaun Marlin (May 16)
    - Re: More ACID BASE Help Jeremy Hoel (May 16)
    - Re: More ACID BASE Help Shaun Marlin (May 16)
    - Re: More ACID BASE Help Jeremy Hoel (May 16)
    - Re: More ACID BASE Help Shaun Marlin (May 16)
    - Re: More ACID BASE Help Jeremy Hoel (May 16)
    - Re: More ACID BASE Help Shaun Marlin (May 16)
    - Re: More ACID BASE Help Jeremy Hoel (May 16)
    - Re: More ACID BASE Help Shaun Marlin (May 16)
    - Re: More ACID BASE Help Jeremy Hoel (May 16)
    - Re: More ACID BASE Help Shaun Marlin (May 16)
    - Re: More ACID BASE Help Shaun Marlin (May 16)
    - Re: More ACID BASE Help Jeremy Hoel (May 16)

(Thread continues...)