RE: Making zero headway with barnyard

[Michael Miller <michael.miller () state co us>]

I've done that...unless sourceforge or snort.org has a subset of barnyard,
I'm not seeing anything relevant to mysql in the Makefile!

-----Original Message-----
From: Bamm Visscher [mailto:bamm () satx rr com] 
Sent: Thursday, March 18, 2004 8:40 PM
To: Michael Miller
Cc: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] Making zero headway with barnyard

Use --enable-mysql to include mysql support in barnyard. To verify that
configure found the libs, you should see the switch -DENABLE_MYSQL being
passed to gcc during the make.

BTW, you don't need to compile mysql support in snort, if you are going to
use barnyard to load the events in the DB.

Bammkkkk

On Thu, Mar 18, 2004 at 03:23:13PM -0700, Michael Miller wrote:
> (see bottom of email for germane configs)
>
> I've got a snort system up and running with Mysql and ACID on a Suse 8.2
> box, all compiled from code, all works as advertised.
>
> I can't get Barnyard to work...at all. Can you see anything obvious I'm
> missing?
>
> ===============Details===================
> I've built Snort with './configure --with-mysql=/usr/local/mysql' and it
> generates a makefile with mysql support just fine.
>
> I've built Barnyard (both 0.1.0 and 0.2.0) using './configure
--with-mysql'
> and see no output referencing MySql. 
>
> The snort.conf on the sensor is writing unified alert and log files. The
> command to run snort is: '-c /home/ids/rules/snort.conf -l /home/ids/logs
-D
> -i eth1'
>
> I've FINALLY got barnyard to stop complaining about bad magic numbers by
> removing the -Xbed flags.
>
> I can't get Barnyard to generate ANY outputs, it gives 'Unknown output
> plugin "XXX" referenced, ignoring! Where XXX = log_acid_db, log_dump,
> log_pcap or alert_acid_db
>
> I'm calling barnyard with: barnyard -c /etc/snort/barnyard.ids3.conf -d
> /home/idsdb/logs/ids3 -f snort.log -R
>
> The relevant part of the sensor's snort.conf is:
> ===========
> ## Output Modules
> ## --------------
> #output database: log, mysql, dbname=db user=root host=localhost
> password=test
> #output log_tcpdump: tcpdump.log
> output log_unified: filename snort.log, limit 128
> #
> #output alert_syslog: LOG_AUTH LOG_ALERT
> output alert_unified: filename snort.alert, limit 128
> ============
>
> The relevant part of barnyard.ids3.conf is:
> ============
> # acid_db
> #-------------------------------
> # Available as both a log and alert output plugin.  Used to output data
into
> # the db schema used by ACID
> # Arguments:
> #      $db_flavor           - what flavor of database (ie, mysql)
> #      sensor_id $sensor_id - integer sensor id to insert data as
> #      database $database   - name of the database
> #      server $server       - server the database is located on
> #      user $user           - username to connect to the database as
> #      password $password   - password for database authentication
> # output alert_acid_db: mysql, sensor_id 1, database snort, server
> localhost, user root
> # output log_acid_db: mysql, database snort, server localhost, user root,
> detail full
>
> #output alert_acid_db: mysql, sensor_id 1, database snort, server
localhost,
> user snortuser, password snortpassword
> output log_acid_db: mysql, database snort, server localhost, user
snortuser,
> password snortuser, detail full


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users