Snort mailing list archives
Re: Barnyard2 error: 'mysql' support is not compiled into this build of snort
From: Y M <snort () outlook com>
Date: Mon, 26 Aug 2013 17:15:27 +0000
What is the exact error you are getting when you run Barnyard2? From your first email, I see the following error:
ERROR database: 'mysql' support is not compiled into this build of snort
Was this error generated from Barnyard2? As it says, it is Snort, and direct database support in Snort has been removed since
version 2.9.3.
What was the output of compiling Barnyard2?
Please reply back to the list and not only me, as there are many talented people here.
Thanks.
YM
Date: Mon, 26 Aug 2013 10:03:59 -0700
From: j0liu001 () yahoo com
Subject: Re: [Snort-users] Barnyard2 error: 'mysql' support is not compiled into this build of snort
To: snort () outlook com
My snort install runs fine to logs and I can start Barnyard without
the mysql call with no apparent problems but once I add the mysql
output back into my barnyard.conf file I am unable to start it.
Below is my config. Thanks
config from /etc/snort/snort.conf :
----------------------------------------------------------------------------------
# unified2
# Recommended for most installs
output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
----------------------------------------------------------------------------------
config from /etc/snort/barnyard2.conf:
----------------------------------------------------------------------------------
# database: log to a variety of databases
# ---------------------------------------
#
# Purpose: This output module provides logging ability to a variety of databases
# See doc/README.database for additional information.
#
# Examples:
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
#
---------------------------------------------------------------------------------------------------
From: Y M <snort () outlook com>
To: James Lieu <j0liu001 () gmail com>; "jesler () sourcefire com" <jesler () sourcefire com>
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Sent: Monday, August 26, 2013 12:19 PM
Subject: RE: [Snort-users] Barnyard2 error: 'mysql' support is not compiled into this build of snort
What is the output plugin configured in your snort.conf file? If you want to use Barnyard2, you should configure the
unified2 output plugin in your snort.conf.
Example:
output unified2: filename some.logs, limit 128
That said, Snort will generate the unified2 logs and barnyard2 will process these. Also, you need to configure the
database output in barnyard2.conf file.
From: James Lieu
Sent: 8/26/2013 7:10 PM
To: jesler () sourcefire com
Cc: snort-users () lists sourceforge net
Subject: [Snort-users] Barnyard2 error: 'mysql' support is not compiled into this build of snort
Joel:
Desperately need your help, I have been struggling for two weeks!!
I have been trying to get Barnyard2 to read Snort's output, so the mysql data can be used by Snorby/BASE etc.
But Barnyard2 is not cooperating.
The new version of Snort removed the ./configure --enable-mysql option
(http://blog.snort.org/2012/07/database-output-is-dead-rip.html)
What should I do? What/where am I doing wrong?
My environment:
Snort Version 2.9.5.3 GRE (Build 132)
Barnyard2 Version 2.1.13 (Build 327)
OS: CentOS 6.4, 64-bits
Snort compiled as:
./configure --enable-sourcefire --enable-gre
(I am receiving ERSPAN data directly from CISCO 62xx)
Barnyard2 compiled as:
./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql/ --with-mysql-includes=/usr/include/
Snort is running and dumping data as snort.log.XXXXX.
But could not get Barnyard2 running:
barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo
get:
--------------------------------------------------------------------------------
Running in Continuous mode
--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/snort/barnyard2.conf"
+[ Signature Suppress list ]+
----------------------------
+[No entry in Signature Suppress List]+
----------------------------
+[ Signature Suppress list ]+
Barnyard2 spooler: Event cache size set to [2048]
Log directory = /var/log/barnyard2
ERROR database: 'mysql' support is not compiled into this build of snort
ERROR: If this build of barnyard2 was obtained as a binary distribution (e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.
If this build of barnyard2 was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.
See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
Barnyard2 exiting
-----------------------------------------------------------------------------------
config from /etc/snort/snort.conf :
----------------------------------------------------------------------------------
# unified2
# Recommended for most installs
output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
----------------------------------------------------------------------------------
config from /etc/snort/barnyard2.conf:
----------------------------------------------------------------------------------
# database: log to a variety of databases
# ---------------------------------------
#
# Purpose: This output module provides logging ability to a variety of databases
# See doc/README.database for additional information.
#
# Examples:
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
# output database: alert, postgresql, user=snort dbname=snort
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
#
---------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list
archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
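
An added example (not written by any poster in this thread and not part of Snort or Barnyard2): a pre-flight check for the Snort, unified2, Barnyard2, MySQL chain discussed above. It compares the unified2 filename in snort.conf with the `-f` base name passed to barnyard2 (the thread shows `merged.log` in the config and `-f snort.log` on the command line) and checks whether the barnyard2 binary is dynamically linked against a MySQL client library. The function names and the `LDD` override are hypothetical, and a dynamically linked build is assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks for Snort -> unified2 -> Barnyard2 -> MySQL.
# Function names and the LDD override are hypothetical, not part of either tool.
LDD=${LDD:-ldd}

# Print the unified2 base filename configured in a snort.conf.
unified2_filename() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}unified2:.*filename[[:space:]]\{1,\}\([^,[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Print database types named on active (uncommented) "output database:" lines.
db_types() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}database:[^,]*,[[:space:]]*\([^,[:space:]]*\).*/\1/p' "$1" | sort -u
}

# Succeed if the binary is dynamically linked against a MySQL/MariaDB client
# library (assumption: a static build would not show up here).
links_mysql_client() {
    $LDD "$1" 2>/dev/null | grep -Eq 'lib(mysqlclient|mariadb)'
}

# Usage: check_pipeline SNORT_CONF BARNYARD2_CONF SPOOL_BASENAME BARNYARD2_BIN
check_pipeline() {
    rc=0
    u2=$(unified2_filename "$1")
    if [ -z "$u2" ]; then
        echo "FAIL: no unified2 output in $1"; rc=1
    elif [ "$u2" != "$3" ]; then
        echo "FAIL: snort writes '$u2' but barnyard2 -f is '$3'"; rc=1
    fi
    for t in $(db_types "$2"); do
        if [ "$t" = mysql ] && ! links_mysql_client "$4"; then
            echo "FAIL: $2 wants mysql, $4 has no MySQL client library linked"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Run only when called with the four arguments, e.g.
#   sh check.sh /etc/snort/snort.conf /etc/snort/barnyard2.conf merged.log "$(command -v barnyard2)"
if [ "$#" -eq 4 ]; then check_pipeline "$@"; fi
```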
