Snort mailing list archives

Re: Fwd: ./configure correct with-mysql-libraries for Rasberry PI 3.18.11-v7+


From: "Davison, Charles Robert" <cdaviso1 () vols utk edu>
Date: Wed, 29 Jul 2015 20:45:18 +0000

Charlie,

I'm not sure if these instructions will work on a Pi, but they worked for me on Ubuntu 14.01. BTW, if you or anyone has 
complete install instructions for PFRING, let me know; I need them to finish a free Snort class I will be posting on 
YouTube. Keep in mind you might want to change your passwords; I defaulted to toor for the password, but this is a demo 
box and not in production.

Barnyard 2 Install Instructions:

sudo apt-get install -y mysql-server libmysqlclient-dev mysql-client autoconf libtool \
yagiuda libdumbnet1 checkinstall libdnet
sudo apt-get install libdumbnet-dev
sudo ldconfig

wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar zxvf libdnet-1.12.tgz
cd libdnet-1.12/
./configure CFLAGS=-fPIC; make
sudo checkinstall
y 
sudo dpkg -i libdnet_1.12-1_amd64.deb
sudo ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1
n
y

Line 520 Add:
output unified2: filename snort.u2, limit 128

cd ~/snort_src
wget https://github.com/firnsy/barnyard2/archive/master.tar.gz -O barnyard2-2-1.13.tar.gz
tar zxvf barnyard2-2-1.13.tar.gz
cd barnyard2-master
autoreconf -fvi -I ./m4
./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu
make
sudo make install

cd ~/snort_src/barnyard2-master
sudo cp etc/barnyard2.conf /etc/snort
sudo mkdir /var/log/barnyard2
sudo chown snort.snort /var/log/barnyard2
sudo touch /var/log/snort/barnyard2.waldo
sudo chown snort.snort /var/log/snort/barnyard2.waldo
sudo touch /etc/snort/sid-msg.map

echo "create database snort;" | mysql -u root -p
mysql -u root -p -D snort < ~/snort_src/barnyard2-master/schemas/create_mysql
echo "grant create, insert, select, delete, update on snort.* to \
snort@localhost identified by 'toor'" | mysql -u root -p

Add To /etc/snort/barnyard2.conf
output database: log, mysql, user=snort password=toor dbname=snort host=localhost

sudo chmod o-r  /etc/snort/barnyard2.conf

sudo /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
user@snortserver:/var/log/snort$  ls -l /var/log/snort/

sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo \
-g snort -u snort
mysql -u snort -p -D snort -e "select count(*) from event"

-----Original Message-----
From: Charlie [mailto:ForFun2000 () hotmail com] 
Sent: Wednesday, July 29, 2015 10:42 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Fwd: ./configure correct with-mysql-libraries for Rasberry PI 3.18.11-v7+


Hi

I am trying to install barnyard2-1.13 on Linux RaspberryPI2 3.18.11-v7+. I realise this is a Snort forum BUT there is 
no response from barnyard2-users () googlegroups com.

Q1) Is barnyard2 still supported? If not what is the alternative?


Q2) When I run:
sudo ./configure --with-mysql \
--with-mysql-libraries=/usr/lib/arm-linux-gnueabihf
sudo make
sudo make install

It configures then compiles ok BUT is /usr/lib/arm-linux-gnueabihf correct?

Thanks in advance

PS I loaded the following pre-req:
sudo apt-get install mysql-server
sudo apt-get install libpcap-dev libmysqld-dev
sudo apt-get install php5-mysql


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
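
One way to check which directory to pass to `--with-mysql-libraries` on a Debian-style multiarch system (x86_64 in the reply, ARM in the question), as an added example that is not part of either message. The function names and the `MULTIARCH` override variable are assumptions made for this sketch; `dpkg-architecture` and `gcc -print-multiarch` are used only if present.

```shell
#!/bin/sh
# Added example: locate the directory that holds libmysqlclient so it can be
# passed to barnyard2's ./configure --with-mysql-libraries=<dir>.
# MULTIARCH is a hypothetical override, useful for testing or cross-checks.

# Print the multiarch triplet (e.g. x86_64-linux-gnu, arm-linux-gnueabihf).
# Prints nothing if it cannot be determined.
multiarch_triplet() {
    if [ -n "${MULTIARCH:-}" ]; then
        printf '%s\n' "$MULTIARCH"
    elif command -v dpkg-architecture >/dev/null 2>&1; then
        dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null
    elif command -v gcc >/dev/null 2>&1; then
        gcc -print-multiarch 2>/dev/null
    fi
}

# Print the first candidate directory under the optional root prefix $1 that
# contains libmysqlclient.so*. Returns 1 if no candidate holds the library.
find_mysql_libdir() {
    root="${1:-}"
    triplet="$(multiarch_triplet || true)"
    for dir in ${triplet:+"/usr/lib/$triplet"} \
               /usr/lib/mysql /usr/lib64/mysql /usr/lib64 /usr/lib; do
        for lib in "$root$dir"/libmysqlclient.so*; do
            # An unmatched glob stays literal, so test that the file exists.
            if [ -e "$lib" ]; then
                printf '%s\n' "$root$dir"
                return 0
            fi
        done
    done
    return 1
}

# Typical use from the barnyard2 source directory:
#   libdir="$(find_mysql_libdir)" || { echo "libmysqlclient not found" >&2; exit 1; }
#   ./configure --with-mysql --with-mysql-libraries="$libdir"
```

If the function returns 1, the client library development package is probably missing, and `./configure` would fail later with a less direct message.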
