Snort mailing list archives

Re: Barnyard 2 Error

From: Y M <snort () outlook com>
Date: Thu, 2 Jul 2015 21:09:11 +0000

Looks like you are missing Libdne, either install from source (google code where it was hosted now redirects to 
GitHub), or try apt-get install libdumbnet-dev.

From: cdaviso1 () vols utk edu
To: snort-users () lists sourceforge net
Date: Thu, 2 Jul 2015 12:54:50 +0000
Subject: [Snort-users] Barnyard 2 Error

Good Morning,

I have completed the following steps in the 
Snort 2.9.7.x on Ubuntu 12 LTS and 14 LTS for installing Barnyard 2 on Ubuntu 14.04 (64Bit):

Barnyard 2
Step 1: sudo apt-get install -y mysql-server libmysqlclient-dev mysql-client autoconf libtool

Step 2: Line 520 Add:
output unified2: filename snort.u2, limit 128

Step 3:
cd ~/snort_src
wget 
https://github.com/firnsy/barnyard2/archive/master.tar.gz -O barnyard2-2-1.13.tar.gz
tar zxvf barnyard2-2-1.13.tar.gz
cd barnyard2-master
autoreconf -fvi -I ./m4
./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu
make
sudo make install

However, I will follow additional steps and get to the point of testing Barnyard 2 and receive the below error:

spectrum5ghz@ubuntu:~$ sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w 
/var/log/snort/barnyard2.waldo \

-g snort -u snort

[sudo] password for spectrum5ghz:

sudo: barnyard2: command not found
spectrum5ghz@ubuntu:~$
 
I wiped my virtual machine clean and started from scratch. This time taking a snapshot right before I begin by Barnyard 
2 install. I noticed the following errors when “making” the file that might have caused the previous errors up above:
 
alert_prelude.o spo_alert_syslog.o spo_alert_test.o spo_alert_unixsock.o spo_common.o spo_log_ascii.o spo_log_null.o 
spo_log_tcpdump.o spo_sguil.o
 spo_echidna.o spo_syslog_full.o spo_database.o spo_database_cache.o 

ranlib libspo.a

make[3]: Leaving directory `/home/spectrum5ghz/snort_src/barnyard2-master/src/output-plugins'

Making all in input-plugins

make[3]: Entering directory `/home/spectrum5ghz/snort_src/barnyard2-master/src/input-plugins'

gcc -DHAVE_CONFIG_H -I. -I../..  -I.. -I../sfutil  -DDEBUG  -g -O0 -fno-strict-aliasing -Wall -c -o spi_unified2.o 
spi_unified2.c

rm -f libspi.a

ar cru libspi.a spi_unified2.o 

ranlib libspi.a

make[3]: Leaving directory `/home/spectrum5ghz/snort_src/barnyard2-master/src/input-plugins'

make[3]: Entering directory `/home/spectrum5ghz/snort_src/barnyard2-master/src'

gcc -DHAVE_CONFIG_H -I. -I..  -Isfutil -DDEBUG  -g -O0 -fno-strict-aliasing -Wall -c -o barnyard2.o barnyard2.c

gcc -DHAVE_CONFIG_H -I. -I..  -Isfutil -DDEBUG  -g -O0 -fno-strict-aliasing -Wall -c -o debug.o debug.c

gcc -DHAVE_CONFIG_H -I. -I..  -Isfutil -DDEBUG  -g -O0 -fno-strict-aliasing -Wall -c -o decode.o decode.c

decode.c:38:18: fatal error: dnet.h: No such file or directory

 #include <dnet.h>

                  ^

compilation terminated.

make[3]: *** [decode.o] Error 1

make[3]: Leaving directory `/home/spectrum5ghz/snort_src/barnyard2-master/src'

make[2]: *** [all-recursive] Error 1

make[2]: Leaving directory `/home/spectrum5ghz/snort_src/barnyard2-master/src'

make[1]: *** [all-recursive] Error 1

make[1]: Leaving directory `/home/spectrum5ghz/snort_src/barnyard2-master'

make: *** [all] Error 2

spectrum5ghz@spectrum5ghz:~/snort_src/barnyard2-master$ 
Can you offer me a suggestion as to what I should do to correct this issue? I am in the process of making a snort 
training video series and already have 70+ slides.
 I definitely want to include Barnyard2 as one of the videos. I have looked at several other websites on how to install 
Barnyard2, and even posted this issue in the IRC channel with no resolution. I appreciate your help!
Sincerely,

Spectrum5GHz
 




------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Barnyard 2 Error Davison, Charles Robert (Jul 02)
- Re: Barnyard 2 Error Y M (Jul 02)