
Using barnyard2 with newer versions of Snort (no mysql)

post #1 of 3
Thread Starter 
OK, so the newer versions of Snort do not compile with MySQL support because the preferred method is now unified2 output, which is then parsed by barnyard2 to log to a MySQL database for BASE or Snorby to view.

Now the problem is that when I try to run barnyard2 it complains that my version of Snort does not have MySQL support and it halts. Does anybody actually run barnyard2 these days with the newer version of Snort? And if so, how?

Do people actually have to use old MySQL versions of Snort to operate barnyard these days? And if so, why on earth do you need MySQL support on Snort when it is barnyard that is actually outputting to a database anyway and Snort is merely logging in a flat unified format?

I'm not expecting many answers on this one to be honest, but worth a try.
P.S. I tried compiling with and without the --with-mysql switch on barnyard2.
Code:
Ubuntu Server 14.10 trusty tahr - all dependencies appear to be met

Snort version ( tried v2.9.5.3 - v2.9.6.0 ) *works (without mysql)
Pulledpork (v0.7.0) *works
Code:
Barnyard2 (2.1.13 build 327) error =

ERROR database: 'mysql' support is not compiled into this build of snort

ERROR: If this build of barnyard2 was obtained as a binary distribution (e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.

If this build of barnyard2 was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
Barnyard2 exiting


Edited by scottish_jason - 1/29/14 at 12:02pm
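The opening post notes that Snort only writes a flat unified2 spool and that the database work belongs to barnyard2. As an added example (not part of the thread and not barnyard2's own code), the reader below walks a unified2 buffer with no database involved, which is one way to confirm Snort's side is producing events while the barnyard2 build is being sorted out. It assumes the standard unified2 layout of an 8-byte big-endian record header followed by the record body, decodes only the legacy IPv4 event record (type 7), and uses a constructed sample spool; the function names are hypothetical.

```python
import socket
import struct

HEADER = struct.Struct(">II")             # record type, record length (big-endian)
EVENT_V1 = struct.Struct(">9I4s4sHHBBBB")  # legacy IPv4 event body, 52 bytes
TYPE_EVENT_V1 = 7


def read_events(buf):
    """Return (events, leftover_bytes) from a unified2 spool buffer.

    Record types other than 7 are skipped by their declared length. A record
    that is cut short (Snort is still writing it) is handed back as leftover
    so the caller can retry once more data has arrived.
    """
    events, off = [], 0
    while off + HEADER.size <= len(buf):
        rtype, rlen = HEADER.unpack_from(buf, off)
        body = off + HEADER.size
        if body + rlen > len(buf):
            break                          # partial record at end of spool
        if rtype == TYPE_EVENT_V1 and rlen >= EVENT_V1.size:
            f = EVENT_V1.unpack_from(buf, body)
            events.append({
                "event_id": f[1], "second": f[2],
                "sid": f[4], "gid": f[5], "rev": f[6], "priority": f[8],
                "src": socket.inet_ntoa(f[9]), "dst": socket.inet_ntoa(f[10]),
                "sport": f[11], "dport": f[12], "proto": f[13],
            })
        off = body + rlen
    return events, buf[off:]


def sample_spool():
    """Constructed sample: one packet record, one event, one truncated record."""
    event = EVENT_V1.pack(0, 1, 1391000000, 0, 1000001, 1, 1, 0, 2,
                          socket.inet_aton("192.0.2.10"),
                          socket.inet_aton("198.51.100.5"),
                          49152, 80, 6, 0, 0, 0)
    packet = b"\x00" * 28                  # opaque body of a type 2 (packet) record
    return (HEADER.pack(2, len(packet)) + packet +
            HEADER.pack(TYPE_EVENT_V1, len(event)) + event +
            HEADER.pack(TYPE_EVENT_V1, 52) + b"\x00" * 10)


if __name__ == "__main__":
    evs, rest = read_events(sample_spool())
    print(evs, len(rest), "bytes left over")
```

To run it against a real spool, pass the bytes of one of the unified2 files Snort writes in its log directory instead of `sample_spool()`.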
post #2 of 3
I spent a week trying to get Snort working on a Debian server with a decent web based GUI. It was a complete nightmare. Sadly I can't remember a single thing about how I set it up even though it was less than a year ago.
post #3 of 3
The Snort + Barnyard2 nightmare was already solved 4 years ago

by geek Sandor Gonzalez.

See his blog about Snort + BASE + Barnyard2:

http://gsxbinary.blogspot.de/2010/07/snort-barnyard2-mysql-base-intro.html


We do not use Ubuntu as we DO NOT like Debian packaging at all... RPMbuild is simpler.
See https://github.com/remsnet/OpenSuSE-RPI-Snort


Hope this helps.

regards