Snort mailing list archives

Re: Trouble in the Barnyard


From: Noah Dietrich <noah_dietrich () 86penny org>
Date: Mon, 16 Jan 2017 14:28:00 +0200

the output you show from ./configure looks correct (the line that shows
"*checking for mysql... yes*" is what you're looking for).

after you run: ./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
(note you don't need to run this as sudo), are you running *make* and then
*sudo make install*?

I would try moving the current barnyard2 binary (navigate to the barnyard2
folder, then run *sudo mv barnyard2 barnyard2.bak)* to ensure you're
working with the newly compiled barnyard2, and try these steps to
configure, compile, and install barnyard2:

cd ~/Downloads/Barnyard2/barnyard2-master
./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
make
sudo make install

ensure there are *no* errors during the *make* stage or the *sudo make
install* stage. When done with these steps, you should be able to run
barnyard2. if it doesn't run, then there is an issue with your
configuration / build.

Noah
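
A check worth running at this point, added here as an example (it is not part of Noah's reply or of the barnyard2 project): the configure log in the quoted post reports "checking for mysql... yes" and "config.h is unchanged", so the build tree itself is configured for MySQL. The open question is which barnyard2 binary sudo actually executes and whether that binary is the MySQL-enabled one. The script below lists every barnyard2 on the PATH sudo uses (sudo commonly substitutes secure_path from sudoers for the caller's PATH), reports whether each one is linked against libmysqlclient, and checks the build tree's config.h. It assumes, as I believe is the case but the page does not state, that barnyard2's configure defines ENABLE_MYSQL in config.h when --with-mysql takes effect, and that a MySQL-enabled build is dynamically linked against libmysqlclient.

```shell
#!/bin/sh
# Added diagnostic for "ERROR database: 'mysql' support is not compiled into
# this build of barnyard2". Example code, not from the thread or from barnyard2.
# Assumptions (not stated on the page): a successful ./configure --with-mysql
# writes "#define ENABLE_MYSQL 1" into config.h, and a MySQL-enabled barnyard2
# is dynamically linked against libmysqlclient.

# Print every executable named barnyard2 found on a PATH string, in lookup
# order. The first line is the one a bare "barnyard2" command resolves to.
find_barnyard2_binaries() {
    _old_ifs=$IFS
    IFS=:
    for _dir in $1; do
        [ -x "$_dir/barnyard2" ] && printf '%s\n' "$_dir/barnyard2"
    done
    IFS=$_old_ifs
    return 0
}

# Exit 0 if the given binary links against the MySQL client library, else 1.
has_mysql_support() {
    ldd "$1" 2>/dev/null | grep -q 'libmysqlclient'
}

# Exit 0 if the build tree's config.h says MySQL support was configured in.
configured_with_mysql() {
    grep -q '^#define[[:space:]]*ENABLE_MYSQL[[:space:]]*1' "$1/config.h" 2>/dev/null
}

# Report on a build tree and on the binaries sudo can reach.
report() {
    _tree=$1
    if configured_with_mysql "$_tree"; then
        echo "config.h in $_tree: ENABLE_MYSQL set (configure --with-mysql took effect)"
    else
        echo "config.h in $_tree: ENABLE_MYSQL not set (re-run ./configure --with-mysql, then make)"
    fi

    # sudo often replaces PATH with secure_path from sudoers, so ask sudo
    # itself; fall back to the caller's PATH if sudo is unavailable.
    _sudo_path=$(sudo -n sh -c 'printf %s "$PATH"' 2>/dev/null || printf '%s' "$PATH")
    echo "barnyard2 binaries on sudo's PATH ($_sudo_path), first match wins:"
    find_barnyard2_binaries "$_sudo_path" | while read -r _bin; do
        if has_mysql_support "$_bin"; then
            echo "  $_bin: linked against libmysqlclient"
        else
            echo "  $_bin: NOT linked against libmysqlclient (will raise the error above)"
        fi
    done
}

# Usage: sh check_barnyard2.sh /path/to/barnyard2-master
if [ $# -gt 0 ]; then
    report "$1"
fi
```

If the first binary listed is not linked against libmysqlclient while the build tree's config.h has ENABLE_MYSQL set, the fix is the one Noah describes: move the stale binary aside (or note that `make install` put the new one in a directory that sorts later on sudo's PATH) and run the freshly built one.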



On Wed, Jan 11, 2017 at 4:43 AM, Bob Baller <bobballer () q com> wrote:

I’ve been attempting to install Barnyard2 for a while and seem to be
stuck.  I’ve tried to research the problem but haven’t found a solution,
although the problem seems to have been reported on a number of different
sites including this one.  The problem is that I get the following error
when I attempt to run Barnyard2:



*‘ERROR database: 'mysql' support is not compiled into this build of
barnyard2’*



The info below provides more on what I have done, and the results of some
of the commands.    As indicated, I’ve tried numerous variations on the
configuration of Barnyard2 and nothing seems to work up to this point.
Snort however appears to be working fine and is able to write data to the
U2 files.



Snort works fine and writes data to the u2 file. MySQL appears to be set
up correctly; however, Barnyard fails as soon as I run it, each time with
the same error.

I am working with the following:

- Linux Mint ver 18 32bit
- MySql ver 5.7.16-0ubuntu0.16.04.1
- Snort ver 2.9.7.0-5
- Barnyard2 ver 2.1.14 Build 339



Hopefully someone can see something in the information below that would
make sense.  I would appreciate any help.







Below is the output from my attempt to run Barnyard2



bob@HP7620 ~/Downloads/Barnyard2/barnyard2-master $ sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo -g snort -u snort
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
ERROR database: 'mysql' support is not compiled into this build of barnyard2

ERROR: If this build of barnyard2 was obtained as a binary distribution (e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.

If this build of barnyard2 was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
Barnyard2 exiting
===============================================================================
Record Totals:
   Records:           0
   Events:           0 (0.000%)
   Packets:           0 (0.000%)
   Unknown:           0 (0.000%)
   Suppressed:           0 (0.000%)
===============================================================================
Packet breakdown by protocol (includes rebuilt packets):
      ETH: 0          (0.000%)
  ETHdisc: 0          (0.000%)
     VLAN: 0          (0.000%)
     IPV6: 0          (0.000%)
  IP6 EXT: 0          (0.000%)
  IP6opts: 0          (0.000%)
  IP6disc: 0          (0.000%)
      IP4: 0          (0.000%)
  IP4disc: 0          (0.000%)
    TCP 6: 0          (0.000%)
    UDP 6: 0          (0.000%)
    ICMP6: 0          (0.000%)
  ICMP-IP: 0          (0.000%)
      TCP: 0          (0.000%)
      UDP: 0          (0.000%)
     ICMP: 0          (0.000%)
  TCPdisc: 0          (0.000%)
  UDPdisc: 0          (0.000%)
  ICMPdis: 0          (0.000%)
     FRAG: 0          (0.000%)
   FRAG 6: 0          (0.000%)
      ARP: 0          (0.000%)
    EAPOL: 0          (0.000%)
  ETHLOOP: 0          (0.000%)
      IPX: 0          (0.000%)
    OTHER: 0          (0.000%)
  DISCARD: 0          (0.000%)
InvChkSum: 0          (0.000%)
   S5 G 1: 0          (0.000%)
   S5 G 2: 0          (0.000%)
    Total: 0
===============================================================================





Below is the output from running the configure command.  I have tried this
using it as shown below as well as using it with the following
'--with-mysql' commands:  ('--with-mysql=/usr/';
'--with-mysql=/var/lib/mysql' ; '--with-mysql=/usr/lib/mysql/plugin' and
'--with-mysql:/usr/share/mysql/)





bob@HP7620 ~/Downloads/Barnyard2/barnyard2-master $ sudo ./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking how to print strings... printf
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... none
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert i686-pc-linux-gnu file names to i686-pc-linux-gnu format... func_convert_file_noop
checking how to convert i686-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc option to accept ISO C99... none needed
checking for gcc option to accept ISO Standard C... (cached) none needed
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) none
checking whether byte ordering is bigendian... no
checking for bison... bison
checking for flex... flex
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking sys/sockio.h usability... no
checking sys/sockio.h presence... no
checking for sys/sockio.h... no
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking for inttypes.h... (cached) yes
checking wchar.h usability... yes
checking wchar.h presence... yes
checking for wchar.h... yes
checking math.h usability... yes
checking math.h presence... yes
checking for math.h... yes
checking for floor in -lm... yes
checking for ceil in -lm... yes
checking for inet_ntoa in -lnsl... yes
checking for socket in -lsocket... no
checking whether printf must be declared... no
checking whether fprintf must be declared... no
checking whether syslog must be declared... no
checking whether puts must be declared... no
checking whether fputs must be declared... no
checking whether fputc must be declared... no
checking whether fopen must be declared... no
checking whether fclose must be declared... no
checking whether fwrite must be declared... no
checking whether fflush must be declared... no
checking whether getopt must be declared... no
checking whether bzero must be declared... no
checking whether bcopy must be declared... no
checking whether memset must be declared... no
checking whether strtol must be declared... no
checking whether strcasecmp must be declared... no
checking whether strncasecmp must be declared... no
checking whether strerror must be declared... no
checking whether perror must be declared... no
checking whether socket must be declared... no
checking whether sendto must be declared... no
checking whether vsnprintf must be declared... no
checking whether snprintf must be declared... no
checking whether strtoul must be declared... no
checking for snprintf... yes
checking for strlcpy... no
checking for strlcat... no
checking for strerror... yes
checking for vswprintf... yes
checking for wprintf... yes
checking size of char... 1
checking size of short... 2
checking size of int... 4
checking size of long int... 4
checking size of long long int... 8
checking size of unsigned int... 4
checking size of unsigned long int... 4
checking size of unsigned long long int... 8
checking for u_int8_t... yes
checking for u_int16_t... yes
checking for u_int32_t... yes
checking for u_int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for INADDR_NONE... yes
checking for __FUNCTION__... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_datalink in -lpcap... yes
checking for sparc... no
checking for mysql... yes
checking for compress in -lz... yes
checking for mysql default client reconnect... no
checking for mysql reconnect option... yes
checking for mysql setting of reconnect option before connect bug... no
checking for linuxthreads... no
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/sfutil/Makefile
config.status: creating src/input-plugins/Makefile
config.status: creating src/output-plugins/Makefile
config.status: creating etc/Makefile
config.status: creating doc/Makefile
config.status: creating rpm/Makefile
config.status: creating schemas/Makefile
config.status: creating m4/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands





Below is info from MySql showing the tables and variables from the
snort database:





mysql> use snort
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SHOW TABLES;
+------------------+
| Tables_in_snort  |
+------------------+
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
16 rows in set (0.00 sec)

mysql> SHOW VARIABLES WHERE Variable_Name LIKE "%dir";
+---------------------------+----------------------------+
| Variable_name             | Value                      |
+---------------------------+----------------------------+
| basedir                   | /usr/                      |
| character_sets_dir        | /usr/share/mysql/charsets/ |
| datadir                   | /var/lib/mysql/            |
| innodb_data_home_dir      |                            |
| innodb_log_group_home_dir | ./                         |
| innodb_tmpdir             |                            |
| lc_messages_dir           | /usr/share/mysql/          |
| plugin_dir                | /usr/lib/mysql/plugin/     |
| slave_load_tmpdir         | /tmp                       |
| tmpdir                    | /tmp                       |
+---------------------------+----------------------------+
10 rows in set (0.06 sec)



The image below is a screenshot showing the Snort.u2 logs contain data.
The text below is from the Barnyard2.conf file showing that the output
database has been configured:

Examples:
#   output database: log, mysql, user=root password=test dbname=db host=localhost
#   output database: alert, postgresql, user=snort dbname=snort
#   output database: log, odbc, user=snort dbname=snort
#   output database: log, mssql, dbname=snort user=snort password=test
#   output database: log, oracle, dbname=snort user=snort password=test
#
output database: log, mysql, user=snort password=*********** dbname=snort host=localhost

Below is the listing from /var/lib/mysql. This shows that the snort DB hasn't
been accessed since Jan 2 (prior to my attempts to set up Barnyard2).





HP7620 mysql # dir -l
total 122912
-rw-r----- 1 mysql mysql       56 Dec 25 23:05 auto.cnf
-rw-r--r-- 1 root  root         0 Dec 25 23:05 debian-5.7.flag
-rw-r----- 1 mysql mysql      302 Jan  2 14:43 ib_buffer_pool
-rw-r----- 1 mysql mysql 12582912 Jan  2 21:48 ibdata1
-rw-r----- 1 mysql mysql 50331648 Jan  2 21:48 ib_logfile0
-rw-r----- 1 mysql mysql 50331648 Dec 25 23:05 ib_logfile1
-rw-r----- 1 mysql mysql 12582912 Jan  2 14:45 ibtmp1
drwxr-x--- 2 mysql mysql     4096 Dec 25 23:05 mysql
drwxr-x--- 2 mysql mysql     4096 Dec 25 23:05 performance_schema
drwxr-x--- 2 mysql mysql     4096 Jan  2 21:48 snort
drwxr-x--- 2 mysql mysql    12288 Dec 25 23:05 sys



------------------------------------------------------------
------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
