Snort mailing list archives

RE: Barnyard


From: "Steven Rudolph" <srudolph () iocenter net>
Date: Thu, 9 Oct 2003 09:50:08 -0400

John,
I had a working implementation of this a few weeks ago - Solaris 8 on an
Ultra 5.
I did not see much performance improvement with about 10Mb of traffic.
My setup is distributed, so I compiled MySQL with --client-only on the
Snort machine.

Snort 2.0.2 configure:
./configure --with-mysql=/usr/local/mysql \
  --with-libpcap-libraries=/usr/src/libpcap-0.7.1 \
  --with-libpcap-includes=/usr/src/libpcap-0.7.1 --enable-flexresp

Barnyard configure:
./configure --enable-mysql \
  --with-mysql-includes=/usr/local/mysql/include/mysql \
  --with-mysql-libraries=/usr/local/mysql/lib/mysql

barnyard runtime command:
-a /var/log/snort/archive -c /etc/barnyard.conf -f /var/log/snortunified
-g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -w
/var/log/snort/waldo -L /var/log/snort/barn.log

Change the output configuration in Snort to unified, and start Snort.
Second, start Barnyard.

Steve

-----Original Message-----
From: John Creegan [mailto:jcreegan () questarweb com] 
Sent: Wednesday, October 08, 2003 11:47 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Barnyard


I've tried everything I can find in the archives.  Still no luck.

There was a fairly extensive conversation between Jeff Nathan and Scott
Renna in which Jeff suggests making changes to the configure.in file.

I did that, but aclocal is to be a directory on my system (or maybe an
alias on Jeff's machine), autoheader worked, I don't have automake,
autoconf I do have, and did work, but since I missed the autoconf step,
that was just a test anyway.

And after all that I did a systemwide file search and I don't have any
file related to mysql and connect anywhere on my system.

Has anyone gotten Barnyard to work with mysql 4 and Solaris 8 WITHOUT
having to kill all the tests as John Byrnes (thanks for the sympathy!)
did?

John:  have you seen any problems with Barnyard with the way you
compiled it, and is there any chance you still have that script (hope,
hope, hope... :-)

I have plans to minimize and harden the system, but I have not done any
of that yet, so this is still the basic Solaris install on a Sparc Ultra
5.

