Snort mailing list archives
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue
From: Eric Biederman <Eric.Biederman () mrsassociates com>
Date: Fri, 31 Aug 2012 15:53:09 +0000
Found an error in my barnyard config.... I inadvertently left the mssql as output and not mysql. I made the change and Barnyard has started and is showing waiting for new data.

One error/warning left. When Barnyard starts I get

WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard.waldo'

Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"
Log directory = /var/log/barnyard2
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database: host = localhost
database: user = snort
database: database name = snort
database: sensor name = localhost:p2p1
database: sensor id = 1
database: sensor cid = 1
database: data encoding = hex
database: detail level = full
database: ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.9 (Build 263)
 |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
 + '''' +  (C) Copyright 2008-2010 SecurixLive.

           Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.

WARNING: Ignoring corrupt/truncated waldofile '/var/log/snort/barnyard.waldo'
Opened spool file '/var/log/snort/snort.log.1346340409'
Closing spool file '/var/log/snort/snort.log.1346340409'. Read 0 records
Opened spool file '/var/log/snort/snort.log.1346343654'
Closing spool file '/var/log/snort/snort.log.1346343654'. Read 0 records
Opened spool file '/var/log/snort/snort.log.1346352702'
Closing spool file '/var/log/snort/snort.log.1346352702'. Read 0 records
Opened spool file '/var/log/snort/snort.log.1346352718'
Closing spool file '/var/log/snort/snort.log.1346352718'. Read 0 records
Opened spool file '/var/log/snort/snort.log.1346358724'
Closing spool file '/var/log/snort/snort.log.1346358724'. Read 0 records
Opened spool file '/var/log/snort/snort.log.1346417767'
Closing spool file '/var/log/snort/snort.log.1346417767'. Read 0 records
Opened spool file '/var/log/snort/snort.log.1346421567'
Waiting for new data

-----Original Message-----
From: Eric Biederman
Sent: Friday, August 31, 2012 10:10 AM
To: 'beenph'; Jeremy Hoel
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue

I just performed the clean and reconfig/install for both Snort and Barnyard. I am still getting the same error with Barnyard2. I have included my two configs as txt files.

The error that mysql support is not compiled into this build of snort that I get when attempting to start barnyard confuses me. I took a pass at this on a different system a few days ago and was unable to pass the --with-mysql with my config of snort because it was an unknown argument. After reading I found a mention that snort no longer outputs to mysql so I assumed I was ok and Barnyard2 would handle the output. Am I wrong in this assumption?

By the way thanks for the help.

-----Original Message-----
From: beenph [mailto:beenph () gmail com]
Sent: Friday, August 31, 2012 9:27 AM
To: Jeremy Hoel
Cc: Eric Biederman; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue

On Fri, Aug 31, 2012 at 9:19 AM, Jeremy Hoel <jthoel () gmail com> wrote:
Can you copy and paste the ./configure command and its output for
barnyard and put that in a text file or on pastebin? Maybe we can see
what the problem is there.

Oh, and I just thought of something: if you did rerun ./configure before running make, did you do a make clean? Because even if you rerun ./configure and make, if there is an object (.o) file existing, even if it updates compile flags for the linked executable, it might not rebuild src/output/spo_database, thus you are getting the same result. So just do a make clean && make, then retry.

-elz
On Fri, Aug 31, 2012 at 12:37 PM, Eric Biederman <Eric.Biederman () mrsassociates com> wrote:
I am using mysql. I have updated the library and rerun the configure, make, install with the same results.
-----Original Message-----
From: beenph [mailto:beenph () gmail com]
Sent: Thursday, August 30, 2012 5:38 PM
To: Eric Biederman
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue

On Thu, Aug 30, 2012 at 2:30 PM, Eric Biederman <Eric.Biederman () mrsassociates com> wrote:
Yes I did.
./configure --with-mysql-libraries=/usr/lib64/mysql/
Try --with-mysql, and technically if you add your library path to /etc/ld.so.conf, run ldconfig and then rerun the ./configure --with-mysql, you should be fine.
-elz
-----Original Message-----
From: beenph [mailto:beenph () gmail com]
Sent: Thursday, August 30, 2012 2:16 PM
To: Eric Biederman
Subject: Re: [Snort-users] Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue

On Thu, Aug 30, 2012 at 1:24 PM, Eric Biederman <Eric.Biederman () mrsassociates com> wrote:
I am having a problem where when I try to start my Barnyard2 system
I am getting notified that my version of snort was not configured
with mysql support and to recompile with this support. My
understanding is that Snort 2.9.3.1 no longer handles mysql and
leaves it to 3rd parties to deal with.
My snort install runs fine to logs and I can start Barnyard without
the mysql call with no apparent problems but once I add the mysql
output back into my barnyard.conf file I am unable to start it
Greeting Eric,
Did you install barnyard2 from source?
if so did you run configure with ./configure --with-mysql?
-elz
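
The mix-up reported at the top of this thread (a barnyard2.conf output line naming mssql on a build that only has mysql support) can be caught before Barnyard2 is started and alerts stop reaching the database. The script below is an added example, not part of any poster's message or of Barnyard2 itself; the function names, the sample config lines and the assumption that startup output has been saved to a file are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# DB types the binary supports, read from startup output on stdin, e.g.
#   database: compiled support for (mysql)
# Assumption: several types, if present, are space- or comma-separated.
compiled_dbs() {
    sed -n 's/.*database: compiled support for (\(.*\)).*/\1/p' |
        tr ' ,' '\n\n' | sed '/^$/d'
}

# DB type named in each active "output database:" line of barnyard2.conf
# (stdin); the type is the second comma-separated field. Comments are skipped.
configured_dbs() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}database:[^,]*,[[:space:]]*\([A-Za-z0-9_]*\).*/\1/p'
}

# $1 = captured startup output, $2 = barnyard2.conf. Returns 1 on any mismatch.
check_db_output() {
    compiled=$(compiled_dbs < "$1")
    rc=0
    for db in $(configured_dbs < "$2"); do
        if printf '%s\n' "$compiled" | grep -qxF "$db"; then
            echo "OK: output database type '$db' is compiled in"
        else
            echo "MISMATCH: '$db' configured, build supports: $(echo $compiled)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: the startup line quoted in this thread plus a
# barnyard2.conf carrying the mssql/mysql mix-up (values are placeholders).
demo=$(mktemp -d)
printf '%s\n' 'database: compiled support for (mysql)' > "$demo/startup.log"
printf '%s\n' \
    '# output database: log, mysql, user=snort dbname=snort host=localhost' \
    'output database: log, mssql, user=snort dbname=snort host=localhost' \
    > "$demo/barnyard2.conf"
check_db_output "$demo/startup.log" "$demo/barnyard2.conf" ||
    echo "fix barnyard2.conf before starting Barnyard2"
```
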