Re: Barnyard2 issue w/unified2 ?

[beenph <beenph () gmail com>]

On Fri, Aug 9, 2013 at 11:10 PM, Jeff Kell <jeff-kell () utc edu> wrote:
> On 8/9/2013 10:53 PM, beenph wrote:
> > I would highly suggest you that you
> > re-create a new DB with InnoDB and restart your barnyard2 sensor.
> >
> > Also which version of by2 are you running?
>
> I am running...
>
> > [jeff@snort-campus ~]$ barnyard2 -V
> >
> >   ______   -*> Barnyard2 <*-
> >  / ,,_  \  Version 2.1.13 (Build 327)
> >  |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
> >  + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy () securixlive com>
>
> I'm afraid I haven't a clue about how to alter the database, but is it
> data-destructive?  Or just a rebuild of MySQL?  I have months of
> archived data...




Well the best way to do this is to really create a new database.


1. stop everything connected to your database server, (clients / web
iterfaces and so).

2. you probably have a older version of mysql thus you will probably
have to for it to use innodb
   at startup.
   From mysql manual :
<SNIP>
To set up InnoDB as the default storage engine with an earlier MySQL
release, either specify on the command line
--default-storage-engine=InnoDB, or add to your my.cnf file
default-storage-engine=innodb in the [mysqld] section, then restart
the server.
</SNIP>


So you can open a client connection with mysql and create a new database.

For example if your current database is called Snort , call the new
database Snort-New

and from there create your users / alter your users acl so that they
can access it, re-create the schema etc...

One table you can probably copy over is the sensor table if you want
(from the previous database to the new database)
the only thing i would recommend is to run the following command
before starting any by2 process on the new database.

UPDATE sensor SET last_cid='0';

With this way, you will keep your old data, you just have to point
your web UI to the old database if you need to consult
your archive.

> And repost this to the list if you wish, I can't seem to get in the
> google groups barnyard2-users without using gmail credentials...

Np.

Let us know if you have some issues.

-elz

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!