Snort mailing list archives
Re: Re-Compiling Snort?
From: MMartin () jwpepper com
Date: Mon, 17 Feb 2014 13:43:58 -0500
Hey YM and Joel, thanks for the replies, much appreciated...!
Joel, if I re-run the configure command with the option you
suggested, what files would I need to overwrite on my existing install?
Humm... Ok so what I want to be doing is configuring Barnyard2 to
parse/read Snort's binary (aka Unified2) log files, right..?
Would that mean I would include the "-b" option to enable the binary
logging method when I run the Snort command?
So basically Barnyard2 would read my already existing binary log files
which are in "/var/log/snort/", which is where I set Snort to output its
logs to. I read in Barnyard2's about page that it, "reads Snorts binary
(aka unified2) log files and re-sends the data to a database backend...".
Does barnyard2 supply its own Database backend?
Thanks in Advance,
Matt
From: Y M <snort () outlook com>
To: "MMartin () jwpepper com" <mmartin () jwpepper com>
Cc: snort-users <snort-users () lists sourceforge net>
Date: 02/17/2014 01:13 PM
Subject: RE: [Snort-users] Re-Compiling Snort?
Hi Matt,
Snort's support for MySQL has been deprecated since Snort version 2.9.3. What
you probably want is to output to unified2 format and let Barnyard2 parse
the logs and insert them into the database. If the sole purpose of
recompiling Snort is to add MySQL support, then you do not need to
reconfigure things.
If you are configuring Snort version 2.9.6.0 for the dynamic plugin, you
may get this (I do):
configure: WARNING: unrecognized options: --enable-dynamicplugin
I believe this is built-in/hardened now, but I am not sure. You may find
more information about this in the changelog.
Regarding the reconfiguration in general, you can reconfigure Snort on the
same box, then use make clean, make install and the compiled binary
should be replaced.
YM
To: snort-users () lists sourceforge net
From: MMartin () jwpepper com
Date: Mon, 17 Feb 2014 12:51:20 -0500
Subject: [Snort-users] Re-Compiling Snort?
Hey All,
Installed Version: Snort v2.9.6.0
OS: OpenSuSE 12.3 (x86_64)
I have already downloaded/installed and configured Snort on my server
running OpenSuSE 12.3, and everything seems to be working just fine.
But when I compiled/configured Snort I did NOT include any of the MySQL
Options, in order to configure MySQL for BASE and Barnyard2. But I would
like to get these 'add-ons' for Snort going if I can. So would I be able
to Re-Compile/Re-Configure Snort and just replace whichever files would
need replacing after re-compiling, if possible... Does that make sense?
I don't believe I included any options along with the "./configure"
command(s) when I ran them initially, as far as I remember...
I did find this guide below for Configuring Snort with BASE, Barnyard2,
Oinkmaster, and MySQL. But I didn't find this until after I already
installed Snort.
This is the Guide I found --> http://freelinuxtutorials.com
And the command I SHOULD have run when I first configured Snort to include
MySQL was:
./configure --with-mysql --enable-dynamicplugin --with-mysql-libraries=/usr/lib64/mysql
I already have all the prerequisites installed, so could anyone tell me
what I would need to do if I want to achieve this? Would I just re-run the
configure, make and make install commands with the appropriate command
line options this time, on a fresh copy of Snort and just replace the
already existing files..?
Any thoughts or suggestions would be much appreciated!
Thanks in Advance,
Matt
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications Take advantage of
what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list
Snort-users () lists sourceforge net Go to this URL to change user options or
unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please
visit http://blog.snort.org to stay current on all the latest Snort news!
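Added example, not part of the original thread or of Snort/Barnyard2: a minimal Python reader for the unified2 files discussed above, showing the kind of record walking a spooler such as Barnyard2 does before inserting events into a database. It assumes the record layout from the unified2 section of the Snort 2.9 manual (8-byte big-endian header, 52-byte legacy IPv4 event, record type 7); the function names and the sample bytes are constructed for illustration.

```python
import io
import socket
import struct

RECORD_HEADER = struct.Struct(">II")    # record type, payload length (big-endian)
IDS_EVENT = struct.Struct(">11I2H4B")   # legacy IPv4 event body, 52 bytes
TYPE_IDS_EVENT = 7                      # other record types are skipped here
FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
          "signature_id", "generator_id", "signature_revision",
          "classification_id", "priority_id", "ip_source", "ip_destination",
          "sport_itype", "dport_icode", "protocol", "impact_flag", "impact",
          "blocked")


def read_records(stream):
    """Yield (type, payload); stop at a record Snort has not finished writing."""
    while True:
        header = stream.read(RECORD_HEADER.size)
        if len(header) < RECORD_HEADER.size:
            return
        rtype, length = RECORD_HEADER.unpack(header)
        payload = stream.read(length)
        if len(payload) < length:
            return  # truncated tail: a spooler would retry from this offset later
        yield rtype, payload


def decode_events(stream):
    """Return the legacy IPv4 events found in a unified2 stream as dicts."""
    events = []
    for rtype, payload in read_records(stream):
        if rtype != TYPE_IDS_EVENT or len(payload) < IDS_EVENT.size:
            continue
        event = dict(zip(FIELDS, IDS_EVENT.unpack_from(payload)))
        for key in ("ip_source", "ip_destination"):
            event[key] = socket.inet_ntoa(struct.pack(">I", event[key]))
        events.append(event)
    return events


def build_sample():
    """Constructed input: one event, one packet record, one truncated record."""
    body = IDS_EVENT.pack(0, 1, 1392662638, 0, 1000001, 1, 1, 0, 2,
                          0xC0A8010A, 0x0A000005, 51234, 80, 6, 0, 0, 0)
    packet = b"\x00" * 28
    return (RECORD_HEADER.pack(TYPE_IDS_EVENT, len(body)) + body
            + RECORD_HEADER.pack(2, len(packet)) + packet
            + RECORD_HEADER.pack(TYPE_IDS_EVENT, 52) + body[:10])


SAMPLE_EVENTS = decode_events(io.BytesIO(build_sample()))
```

To try it on a real file, open it in binary mode and pass the file object to decode_events().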
Current thread:
- Re-Compiling Snort? MMartin (Feb 17)
- Re: Re-Compiling Snort? Y M (Feb 17)
- Re: Re-Compiling Snort? Joel Esler (jesler) (Feb 17)
- Re: Re-Compiling Snort? MMartin (Feb 17)
- Re: Re-Compiling Snort? Y M (Feb 17)
