Snort mailing list archives
Re: More ACID BASE Help
From: Jeremy Hoel <jthoel () gmail com>
Date: Thu, 16 May 2013 14:44:41 -0600
Did you get any errors when you ran the apt-get install command that you listed earlier?

On Thu, May 16, 2013 at 2:41 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:
Ok, so I did that and now I am getting this error.

**************************************************
ERROR: unable to find mysqlclient library (libmysqlclient.*)
checked in the following places
/usr/lib64/mysql
/usr/lib64/mysql/lib
/usr/lib64/mysql/mysql
/usr/lib64/mysql/mysql/lib
/usr/lib64/mysql/lib/mysql
**************************************************
Where can I go to redownload libmysqlclient from?

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 2:21 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

You do see the error, right? That needs to be fixed.

Is this a 64 bit machine?

If so you need to run config and point to the library..

./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql

or wherever it is at..

On Thu, May 16, 2013 at 1:54 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:
This is what I installed in order to prep the OS for this project

apt-get update && apt-get -y install apache2 apache2-doc autoconf
automake bison ca-certificates ethtool flex g++ gcc gcc-4.4
libapache2-modphp5 libcrypt-ssleay-perl libmysqlclient-dev libnet1
libnet1-dev libpcre3 libpcre3-dev libphp-adodb libssl-dev libtool
libwww-perl make mysqlclient mysql-common mysql-server ntp php5-cli php5-gd
php5-mysql php-pear sendmail sysstat usbmount vim

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 1:51 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Ok.. so then it didn't work the first time either.. Notice these errors.

**************************************************
ERROR: unable to find mysqlclient library (libmysqlclient.*)
checked in the following places
/usr
/usr/lib
/usr/mysql
/usr/mysql/lib
/usr/lib/mysql
/usr/local
/usr/local/lib
/usr/local/mysql
/usr/local/mysql/lib
/usr/local/lib/mysql
**************************************************

Do you have mysql-devel type packages installed, to provide libmysqlclient?

On Thu, May 16, 2013 at 1:44 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:
Ok this is what I got when I ran the install again

root@SENTRY:/usr/src/barnyard2-master# ./configure --with-mysql && make && make install
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking how to print strings... printf
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... none
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert i686-pc-linux-gnu file names to i686-pc-linux-gnu format... func_convert_file_noop
checking how to convert i686-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc option to accept ISO C99... -std=gnu99
checking for gcc -std=gnu99 option to accept ISO Standard C... (cached) -std=gnu99
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking dependency style of gcc... (cached) none
checking whether byte ordering is bigendian... no
checking for bison... bison
checking for flex... flex
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking sys/sockio.h usability... no
checking sys/sockio.h presence... no
checking for sys/sockio.h... no
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking for inttypes.h... (cached) yes
checking wchar.h usability... yes
checking wchar.h presence... yes
checking for wchar.h... yes
checking math.h usability... yes
checking math.h presence... yes
checking for math.h... yes
checking for floor in -lm... yes
checking for ceil in -lm... yes
checking for inet_ntoa in -lnsl... yes
checking for socket in -lsocket... no
checking whether printf must be declared... no
checking whether fprintf must be declared... no
checking whether syslog must be declared... no
checking whether puts must be declared... no
checking whether fputs must be declared... no
checking whether fputc must be declared... no
checking whether fopen must be declared... no
checking whether fclose must be declared... no
checking whether fwrite must be declared... no
checking whether fflush must be declared... no
checking whether getopt must be declared... no
checking whether bzero must be declared... no
checking whether bcopy must be declared... no
checking whether memset must be declared... no
checking whether strtol must be declared... no
checking whether strcasecmp must be declared... no
checking whether strncasecmp must be declared... no
checking whether strerror must be declared... no
checking whether perror must be declared... no
checking whether socket must be declared... no
checking whether sendto must be declared... no
checking whether vsnprintf must be declared... no
checking whether snprintf must be declared... no
checking whether strtoul must be declared... no
checking for snprintf... yes
checking for strlcpy... no
checking for strlcat... no
checking for strerror... yes
checking for vswprintf... yes
checking for wprintf... yes
checking size of char... 1
checking size of short... 2
checking size of int... 4
checking size of long int... 4
checking size of long long int... 8
checking size of unsigned int... 4
checking size of unsigned long int... 4
checking size of unsigned long long int... 8
checking for u_int8_t... yes
checking for u_int16_t... yes
checking for u_int32_t... yes
checking for u_int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for INADDR_NONE... yes
checking for __FUNCTION__... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_datalink in -lpcap... yes
checking for sparc... no
checking for mysql...

**************************************************
ERROR: unable to find mysqlclient library (libmysqlclient.*)
checked in the following places
/usr
/usr/lib
/usr/mysql
/usr/mysql/lib
/usr/lib/mysql
/usr/local
/usr/local/lib
/usr/local/mysql
/usr/local/mysql/lib
/usr/local/lib/mysql
**************************************************

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 1:30 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Well, if locatedb is installed I like this 'updatedb' and 'locate
barnyard2 | grep bin' and that would be a good starting place.

But you could also go back to the /usr/src/barnyard2* directory and run 'sudo
make install' or 'make install' as root and look at the output.

On Thu, May 16, 2013 at 1:27 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:
What would be the best command to run to find out where it was put? I
didn’t see anything while doing the install about where it would put the
barnyard2 bin file.

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Thursday, May 16, 2013 1:19 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

It won't be in a directory.. it should just be a bin by itself.

When you build from source, if you do 'make install' as root or as sudo,
it should put the binary somewhere, normally /usr/local/bin.

On Thu, May 16, 2013 at 1:17 PM, Shaun Marlin <shaun.marlin () canalta com> wrote:
No there is no barnyard2 binary in /usr/local/bin

I to find the file, but was not able to find a barnyard2 directory.

From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Wednesday, May 15, 2013 10:05 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Is there a barnyard2 binary in /usr/local/bin?

When you did make install in the /usr/src/barnyard2 directory, were there
any errors?

Have you tried an 'updatedb' and 'locate barnyard2 | grep bin'?

Also - please keep replies to the list so that others may learn or help.

Thanks!

On Thu, May 16, 2013 at 3:35 AM, Shaun Marlin <shaun.marlin () canalta com> wrote:
Now that I have that in place, I have tried to run snort and barnyard using

Now start snort and barnyard with these commands:
# /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 &
# /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config &

But when I run the second command I get

root@######:/usr/src# /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log /etc/snort/sid-msg.map -C /etc/snort/classification.config &
[2] 350
root@######:/usr/src# -bash: /usr/local/bin/barnyard2: No such file or directory

------------------------------
From: Jeremy Hoel [jthoel () gmail com]
Sent: Wednesday, May 15, 2013 8:42 PM
To: Shaun Marlin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] More ACID BASE Help

Look in the barnyard2-* folder in /usr/src; there should be a folder called
etc and in there is the default barnyard2.conf

You could run 'mv etc/barnyard2.conf /etc/snort'

On Thu, May 16, 2013 at 2:21 AM, Shaun Marlin <shaun.marlin () canalta com> wrote:
Hi there again,

So I was directed to use this document
http://s3.amazonaws.com/snort-org/www/assets/167/deb_snort_howto.pdf,
which to its credit has worked well so far. Right now I am stumped on this
section.

4. Install & configure Barnyard2
# cd /usr/src && wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
# tar -zxf master.tar.gz && cd barnyard2-*
# autoreconf -fvi -I ./m4 && ./configure --with-mysql && make && make install
# mv /usr/local/etc/barnyard2.conf /etc/snort
# cp schemas/create_mysql /usr/src

When I run the command
mv /usr/local/etc/barnyard2.conf /etc/snort

I get the following error
root@#####:/usr/src/barnyard2-master# mv /usr/local/etc/barnyard2.conf /etc/snort
mv: cannot stat `/usr/local/etc/barnyard2.conf': No such file or directory

I looked in that folder and there was no barnyard2.conf file at all.

Other than that it is going fine

Can someone tell me why I can't find barnyard2.conf, or better yet where
it is located when installed on Debian 7?

Thanks
-Shaun

Shaun Marlin
Network Administrator
Canalta Family of Companies
2109 - 545 Highway 10 East
Drumheller AB Canada T0J 0Y0
PHONE: (403) 820-3865
CELL: (403) 334-1313
EMAIL: shaun.marlin () canalta com
WEB: www.canalta.com

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest
Snort news!
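
The two questions the replies in this thread keep returning to (is libmysqlclient present at all, and in which directory) can be answered with one search. This is an added shell example, not part of the original messages or of barnyard2; the function names `mysqlclient_status` and `configure_hint` and the default search roots are assumptions, while the `./configure` options are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. The default roots are an assumption;
# pass other directories as arguments to search those instead.

# mysqlclient_status [ROOT...]
# Prints one of:
#   dev:DIR           DIR holds libmysqlclient.so or libmysqlclient.a
#   runtime-only:DIR  only versioned files such as libmysqlclient.so.18
#   missing           nothing matching libmysqlclient.* was found
mysqlclient_status() {
    [ $# -gt 0 ] || set -- /usr/lib /usr/lib64 /usr/local/lib /usr/local/mysql
    # -maxdepth 3 also reaches multiarch directories such as
    # /usr/lib/i386-linux-gnu, which the ./configure list above never checks.
    dev=$(find "$@" -maxdepth 3 \
        \( -name 'libmysqlclient.so' -o -name 'libmysqlclient.a' \) \
        2>/dev/null | sort | head -n 1)
    if [ -n "$dev" ]; then
        echo "dev:$(dirname "$dev")"
        return 0
    fi
    any=$(find "$@" -maxdepth 3 -name 'libmysqlclient.*' \
        2>/dev/null | sort | head -n 1)
    if [ -n "$any" ]; then
        echo "runtime-only:$(dirname "$any")"
    else
        echo "missing"
    fi
}

# configure_hint [ROOT...]
# Turns the status into the next step: the configure line from the thread
# with the directory filled in, or a note that a package is missing.
configure_hint() {
    status=$(mysqlclient_status "$@")
    case "$status" in
        dev:*)
            echo "./configure --with-mysql --with-mysql-libraries=${status#dev:}" ;;
        runtime-only:*)
            echo "only a runtime library in ${status#runtime-only:}; install libmysqlclient-dev" ;;
        *)
            echo "libmysqlclient not found; install libmysqlclient-dev" ;;
    esac
}

# Scan the real system only when asked to: sh thisfile.sh --scan [ROOT...]
if [ "${1:-}" = "--scan" ]; then
    shift
    configure_hint "$@"
fi
```

A `runtime-only` result means the shared library is there for programs that are already built, but the unversioned `libmysqlclient.so` or `libmysqlclient.a` that the linker needs for `-lmysqlclient` is not.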

