Snort mailing list archives

Error in reading unified2 log files


From: basant subba <basantsubba () gmail com>
Date: Fri, 2 May 2014 12:23:37 +0530

I am trying to process the unified2 output from /var/log/snort using the
following command

barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2

But I am getting this error: ERROR database: 'mssql' support is not
compiled into this build of snort. My snort version is 2.9.2 and, guessing
from the output error, I think this version of snort doesn't support mysql.
I tried ./configure--with-mssql too but that doesn't help either. Can
anyone guide me on how to upgrade my snort to the latest version that supports
mysql? Thanks in advance.

Here's my complete output message.

root@basant-A7GMX-K:/var/log/snort# barnyard2 -c /etc/snort/barnyard2.conf
-d /var/log/snort -f snort.u2
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
ERROR database: 'mssql' support is not compiled into this build of snort

ERROR: If this build of barnyard2 was obtained as a binary distribution
(e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
'mssql' support.

If this build of barnyard2 was compiled by you, then re-run the
the ./configure script using the '--with-mssql' switch.
For non-standard installations of a database, the '--with-mssql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
Barnyard2 exiting
===============================================================================
Record Totals:
   Records:           0
   Events:           0 (0.000%)
   Packets:           0 (0.000%)
   Unknown:           0 (0.000%)
   Suppressed:           0 (0.000%)
===============================================================================