Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user

[Kurt J <technicalfriend () yahoo com>]

In this message here is my current barnyard2 command and status/terminal output to the screen:


barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f merged.log -w /var/log/snort/barnyard2.waldo
Running in Continuous mode

        --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"


+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+

Barnyard2 spooler: Event cache size set to [2048] 
Log directory = /var/log/snort
INFO database: Defaulting Reconnect/Transaction Error limit to 10 
INFO database: Defaulting Reconnect sleep time to 5 second 
[SignatureReferencePullDataStore()]: No Reference found in database ... 
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = ##### obfuscated here
database:  database name = snorby
database:    sensor name = localhost:eth0
database:      sensor id = 1
database:     sensor cid = 2
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "log" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.13-BETA (Build 325)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy () securixlive com>

Using waldo file '/var/log/snort/barnyard2.waldo':
    spool directory = /var/log/snort
    spool filebase  = merged.log
    time_stamp      = 1367537892
    record_idx      = 2
Opened spool file '/var/log/snort/merged.log.1367537892'
Waiting for new data
Closing spool file '/var/log/snort/merged.log.1367537892'. Read 2 records
Opened spool file '/var/log/snort/merged.log.1367538131'
Waiting for new data
INFO [dbProcessSignatureInformation()]: [Event: 4] with [gid: 120] [sid: 8] [rev: 1] [classification: 2] [priority: 3]
         was not found in barnyard2 signature cache, this could lead to display inconsistency.
         To prevent this warning, make sure that your sid-msg.map and gen-msg.map file are up to date with the snort 
process logging to the spool file.
         The new inserted signature will not have its information present in the sig_reference table. 
         Note that the message inserted in the signature table will be snort default message "Snort Alert 
[gid:sid:revision]" 
         You can allways update the message via a SQL query if you want it to be displayed correctly by your favorite 
interface

INFO [dbProcessSignatureInformation()]: [Event: 12] with [gid: 1] [sid: 16482] [rev: 8] [classification: 9] [priority: 
1]
         was not found in barnyard2 signature cache, this could lead to display inconsistency.
         To prevent this warning, make sure that your sid-msg.map and gen-msg.map file are up to date with the snort 
process logging to the spool file.
         The new inserted signature will not have its information present in the sig_reference table. 
         Note that the message inserted in the signature table will be snort default message "Snort Alert 
[gid:sid:revision]" 
         You can allways update the message via a SQL query if you want it to be displayed correctly by your favorite 
interface

Some more duplicates of the above messages removed for space

KJ




________________________________
 From: beenph <beenph () gmail com>
To: Lars <technicalfriend () yahoo com> 
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net> 
Sent: Friday, May 3, 2013 12:23 AM
Subject: Re: [Snort-users] Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" 
message followup - 1st time barnyard user
 

On Fri, May 3, 2013 at 12:17 AM, Lars <technicalfriend () yahoo com> wrote:
> Maybe we need to rebuild Snort?  All these good checks and verifications on
> our config files and all that but the problem remains the same.
Which problem?

i)  Post your snort command line.
ii) Post your barnyard2 command line
iii) Post your snort config.
iv) Post your barnyard2 config

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!