Snort mailing list archives
Re: Question regarding Barnyard2
From: "Bob Baller" <bobballer () q com>
Date: Mon, 16 Jan 2017 09:04:21 -0600
Noah;
Thanks, I did in fact use the second line. I first used it as shown below, then I tried it by specifically defining
the '--with-mysql' param
e.g.: ('--with-mysql=/usr/'; '--with-mysql=/var/lib/mysql'; '--with-mysql=/usr/lib/mysql/plugin' and
'--with-mysql=/usr/share/mysql/'). I think I’ve run the configure command close to twenty times trying different
settings.
My understanding of the purpose of the '--with-mysql' param is to define the base directory of the MySQL database. So
when it didn’t work without a defined directory I set it to be the basedir as shown in MySQL. When that didn’t work I
tried the datadir, then I just tried everything. Each time I ran ./configure I also ran make and make install (using
sudo).
mysql> SHOW VARIABLES WHERE Variable_Name LIKE "%dir";
+---------------------------+----------------------------+
| Variable_name | Value |
+---------------------------+----------------------------+
| basedir | /usr/ |
| character_sets_dir | /usr/share/mysql/charsets/ |
| datadir | /var/lib/mysql/ |
| innodb_data_home_dir | |
| innodb_log_group_home_dir | ./ |
| innodb_tmpdir | |
| lc_messages_dir | /usr/share/mysql/ |
| plugin_dir | /usr/lib/mysql/plugin/ |
| slave_load_tmpdir | /tmp |
| tmpdir | /tmp |
+---------------------------+----------------------------+
Your guide was one of three that I had found. (Actually I found yours earlier this week and haven’t had a chance to get
into it yet.) One thing that concerned me when using the guides was the date on the two that I have been looking at –
one was from 2012.
Here are the results of the configure command using the '--with-mysql' without a defined directory:
bob@HP7620 ~/Downloads/Barnyard2/barnyard2-master $ sudo ./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking how to print strings... printf
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... none
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert i686-pc-linux-gnu file names to i686-pc-linux-gnu format... func_convert_file_noop
checking how to convert i686-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc option to accept ISO C99... none needed
checking for gcc option to accept ISO Standard C... (cached) none needed
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) none
checking whether byte ordering is bigendian... no
checking for bison... bison
checking for flex... flex
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking sys/sockio.h usability... no
checking sys/sockio.h presence... no
checking for sys/sockio.h... no
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking for inttypes.h... (cached) yes
checking wchar.h usability... yes
checking wchar.h presence... yes
checking for wchar.h... yes
checking math.h usability... yes
checking math.h presence... yes
checking for math.h... yes
checking for floor in -lm... yes
checking for ceil in -lm... yes
checking for inet_ntoa in -lnsl... yes
checking for socket in -lsocket... no
checking whether printf must be declared... no
checking whether fprintf must be declared... no
checking whether syslog must be declared... no
checking whether puts must be declared... no
checking whether fputs must be declared... no
checking whether fputc must be declared... no
checking whether fopen must be declared... no
checking whether fclose must be declared... no
checking whether fwrite must be declared... no
checking whether fflush must be declared... no
checking whether getopt must be declared... no
checking whether bzero must be declared... no
checking whether bcopy must be declared... no
checking whether memset must be declared... no
checking whether strtol must be declared... no
checking whether strcasecmp must be declared... no
checking whether strncasecmp must be declared... no
checking whether strerror must be declared... no
checking whether perror must be declared... no
checking whether socket must be declared... no
checking whether sendto must be declared... no
checking whether vsnprintf must be declared... no
checking whether snprintf must be declared... no
checking whether strtoul must be declared... no
checking for snprintf... yes
checking for strlcpy... no
checking for strlcat... no
checking for strerror... yes
checking for vswprintf... yes
checking for wprintf... yes
checking size of char... 1
checking size of short... 2
checking size of int... 4
checking size of long int... 4
checking size of long long int... 8
checking size of unsigned int... 4
checking size of unsigned long int... 4
checking size of unsigned long long int... 8
checking for u_int8_t... yes
checking for u_int16_t... yes
checking for u_int32_t... yes
checking for u_int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for INADDR_NONE... yes
checking for __FUNCTION__... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_datalink in -lpcap... yes
checking for sparc... no
checking for mysql... yes
checking for compress in -lz... yes
checking for mysql default client reconnect... no
checking for mysql reconnect option... yes
checking for mysql setting of reconnect option before connect bug... no
checking for linuxthreads... no
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/sfutil/Makefile
config.status: creating src/input-plugins/Makefile
config.status: creating src/output-plugins/Makefile
config.status: creating etc/Makefile
config.status: creating doc/Makefile
config.status: creating rpm/Makefile
config.status: creating schemas/Makefile
config.status: creating m4/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
I appreciate your help.
From: Noah Dietrich [mailto:noah_dietrich () 86penny org]
Sent: Sunday, January 15, 2017 10:27 PM
To: Bob Baller
Cc: Y M; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question regarding Barnyard2
These are the two sql libraries you need to install Barnyard2:
sudo apt-get install -y mysql-server libmysqlclient-dev mysql-client
I suspect that your issue is that you're not using the correct flag when you configure barnyard2. The correct command
is one of the following two lines (probably the second line, since you're on the x86 version of Ubuntu):
./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu
./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
This ensures that you are adding the correct mysql libraries.
These instructions are from my Snort guide: http://sublimerobots.com/2017/01/snort-2-9-9-x-ubuntu-installing-barnyard2/
On another note: the version of Snort that you are installing is really old (I'm assuming you're installing it from the
repositories). You probably want to install snort manually to get the latest (and supported) version. My guide is here
for the 2.9.9.0 version (latest) release of snort on Ubuntu:
http://sublimerobots.com/2017/01/snort-2-9-9-x-ubuntu-installing-snort/, along with barnyard2, PulledPork, and BASE.
Noah
On Sun, Jan 15, 2017 at 9:02 PM, Bob Baller <bobballer () q com> wrote:
Thanks for the response. Looking in Synaptic, I see the following installed:
· Libmysqlclient-dev
· libmysqlclient20
Both of them are at version 5.7.16-0ubuntu0.16.04.1
So here is possibly a dumb question: Is it possible for something to be installed and not show up in Synaptic?
From: Y M [mailto:snort () outlook com]
Sent: Sunday, January 15, 2017 9:05 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question regarding Barnyard2
I "think" you have to also install libmysqlclient-dev or its equivalent on your distro. I am not on a computer to
validate.
YM.
_____________________________
From: Bob Baller <bobballer () q com>
Sent: Sunday, January 15, 2017 12:32 AM
Subject: [Snort-users] Question regarding Barnyard2
To: <snort-users () lists sourceforge net>
Hello, I am having a problem getting Barnyard2 to work. Snort seems to be working fine but I keep getting the
following error when I attempt to run Barnyard:
ERROR database: 'mysql' support is not compiled into this build of barnyard2
ERROR: If this build of barnyard2 was obtained as a binary distribution (e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.
I’ve set '--with-MySql' and have reinstalled it many times. I am clearly missing something.
I am running the following:
Linux Mint ver 18 32bit
MySql ver 5.7.16-0ubuntu0.16.04.1
Snort ver 2.9.7.0-5
Barnyard2 ver 2.1.14 Build 339
I would appreciate any help.
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
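The thread turns on two checks: whether configure's MySQL probe succeeded, and whether the barnyard2 binary that actually runs was linked with the MySQL client library. The script below is an added example, not code from any poster or from the barnyard2 project; the function names are hypothetical, and it assumes barnyard2 links libmysqlclient dynamically, so that it appears in `ldd` output.

```shell
#!/bin/sh
# Added example: sanity checks for a barnyard2 build meant to have MySQL output support.
# Assumption: a MySQL-enabled barnyard2 is dynamically linked against libmysqlclient.

# Map `uname -m` output to the multiarch library directory named in the thread.
mysql_lib_dir() {
    case "$1" in
        x86_64) echo /usr/lib/x86_64-linux-gnu ;;
        i386|i486|i586|i686) echo /usr/lib/i386-linux-gnu ;;
        *) return 1 ;;
    esac
}

# Read ./configure output on stdin; succeed only if the MySQL probe reported yes.
configure_found_mysql() {
    grep -q '^checking for mysql\.\.\. yes$'
}

# Read `ldd` output on stdin; succeed if the MySQL client library is linked in.
linked_against_mysql() {
    grep -q 'libmysqlclient\.so'
}

# Report on the binary the shell would actually run, which may not be the
# one just built (an older copy earlier on PATH would still lack MySQL support).
check_installed_binary() {
    bin=$(command -v barnyard2) || { echo "barnyard2 not on PATH"; return 0; }
    echo "PATH resolves barnyard2 to: $bin"
    if ldd "$bin" 2>/dev/null | linked_against_mysql; then
        echo "linked against libmysqlclient"
    else
        echo "NOT linked against libmysqlclient (stale or different build?)"
    fi
}

if dir=$(mysql_lib_dir "$(uname -m)"); then
    echo "expected --with-mysql-libraries value: $dir"
fi
check_installed_binary
```

To check a saved configure run, pipe its output into `configure_found_mysql`, for example `./configure --with-mysql ... | tee configure.out` followed by `configure_found_mysql < configure.out`.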
