Re: More ACID BASE Help

[beenph <beenph () gmail com>]

====[ Tought i sent that e-mail before but it seem's like it was pending in
my draft....sorry! ]=====


Hi 2 all :),
Sorry for top posting but i just want to drop some comments in the thread
concerning previous posting,

Under Linux and other unices,
libraries can be installed everywhere.

Most of the times what you will need to do is to update
/etc/ld.so.conf (this file contain path for the dynamic linker runtime
library bindings (man page ;) )

Thus in your case Shaun, its greatly possible that even if you installed the
 mysql-dev* package for your distro, that the library path
/usr/lib/i386-linux-gnu  was not in the file (/etc/ld.so.conf).

It is also possible that he path was in the file but that the cache was not
updated so its allways good to run
the ldconfig command without argument as root when you install net
libraries on the system.

This will generaly allow automake to find the libraries when you are
building from source.

If for some reason you would not want to put a certain directoy into the
/etc/ld.so.conf file then
for example when you are configuring barnyard2 source you would want to use
--with-mysql-libraries=<some path>.

But if the path is found when you do for example ldconfig -v | grep "mysql"
and you see the library, then you could
just use --with-mysql and automake should find it without an issue.

As for gen-msg.map, i think the file that are the most up to date allways
come in the rule package (community or subscribtion).
You can also allways copy it from the extracted source directory found in
<extracted source path>/etc/gen-msg.map.

But as Jeremy recommended, it might be good if you (Shaun) are new to snort
to maybe use
pulled pork so it should handle generation of sid-msg.map file and
gen-msg.map file for you.

As for the previous error concerning duplicate inclusion of the option for
gen-msg.map
 or sid-msg.map file, those are there to prevent double inclusion of those
file via
command line and configuration file, thus people who want to use command
line
argument can use it or people that prefer configuration file  inclusion can
choose it.

And if you have more questions Shaun concerning barnyard2 do not hesitate
to post
it to the barnyard2-users google group, and as Joel Esler would say (you
can also post to snort-users) :)

-elz



On Thu, May 16, 2013 at 7:08 PM, Jeremy Hoel <jthoel () gmail com> wrote:

> I'm pretty sure that comes with the rule tarball.  Did you grab the rules
> file?
>
> Also, look at pullpork vs oinkmaster.
>
> And, if you are running this as a test, you might check out secuirtyonion,
> as it does all this for you and helps get you up and running quickly..
>
>
> On Thu, May 16, 2013 at 10:55 PM, Shaun Marlin <shaun.marlin () canalta com>wrote:
>
> > Ok, so I have hit yet another wall.  /etc/snort/gen-msg.map does not
> > exist on the SNORT install at all.  I have looked in over a dozen places
> > thinking it could be there.  I have also looked at various places to have
> > it created using the likes of OINKmaster, but I cannot get it to generate.
> > I’m really sorry for being a pain.****
> >
> > ** **
> >
> > ** **
> >
> > *Shaun Marlin*
> > Network Administrator
> >
> >
> > *Canalta Family of Companies*
> >
> > 2109 - 545 Highway 10 East
> > Drumheller AB Canada T0J 0Y0
> > PHONE: (403) 820-3865
> > CELL:     (403) 334-1313
> >
> > EMAIL:   shaun.marlin () canalta com
> > WEB:      www.canalta.com
> >
> >
> >
> > *From:* Jeremy Hoel [mailto:jthoel () gmail com]
> > *Sent:* Thursday, May 16, 2013 3:55 PM
> >
> > *To:* Shaun Marlin
> > *Cc:* snort-users () lists sourceforge net
> >  *Subject:* Re: [Snort-users] More ACID BASE Help****
> >
> > ** **
> >
> > Ok.. you can see in the error that you have something listed twice.****
> >
> > ** **
> >
> > remove the -S option.  please try some things out before you keep coming
> > back to the list.. the problems a lot of times are in the error message.*
> > ***
> >
> > On Thu, May 16, 2013 at 9:53 PM, Shaun Marlin <shaun.marlin () canalta com>
> > wrote:****
> >
> > Ok, so I launch barnyard now, and I get this…****
> >
> >  ****
> >
> > root@SENTRY:/usr/src/barnyard2-master# Running in Continuous mode****
> >
> >  ****
> >
> >         --== Initializing Barnyard2 ==--****
> >
> > Initializing Input Plugins!****
> >
> > Initializing Output Plugins!****
> >
> > Parsing config file "/etc/snort/barnyard2.conf"****
> >
> > ERROR: The sid map file was included two times command line (-S)
> > [/etc/snort/sid-msg.map] and in the configuration file (config sid_map)
> > [/etc/snort/sid-msg.map].****
> >
> > It only need to be defined once.****
> >
> > Fatal Error, Quitting..****
> >
> > Barnyard2 exiting****
> >
> >  ****
> >
> > *From:* Jeremy Hoel [mailto:jthoel () gmail com]
> > *Sent:* Thursday, May 16, 2013 3:40 PM****
> >
> >
> > *To:* Shaun Marlin
> > *Cc:* snort-users () lists sourceforge net****
> >
> > *Subject:* RE: [Snort-users] More ACID BASE Help****
> >
> >  ****
> >
> > With a make and make install and no errors?****
> >
> > Then yes.. Check /usr/local/bin****
> >
> > ** **
>
>
>
> ------------------------------------------------------------------------------
> AlienVault Unified Security Management (USM) platform delivers complete
> security visibility with the essential security capabilities. Easily and
> efficiently configure, manage, and operate all of your security controls
> from a single console and one unified framework. Download a free trial.
> http://p.sf.net/sfu/alienvault_d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!