<div dir="ltr"><br><span id="result_box" class="short_text"><span style="background-color: rgb(230, 236, 249); color: rgb(0, 0, 0);" title="">You're a genius</span></span>, that works. Thank u so much :)<br><br>Brant these arre my files :<br>
<br>-rw-r--r-- 1 root root 8167 2010-07-12 11:04 barnyard2.conf<br>-rw-r--r-- 1 root root 3533 2010-06-07 09:15 classification.config<br>-rwxr-xr-x 1 root root 18217 2010-07-12 12:17 gen-msg.map<br>-rwxr-xr-x 1 root root 548 2010-07-12 12:17 reference.config<br>
drwxr-xr-x 2 1004 1004 4096 2010-06-16 16:50 rules<br>-rwxr-xr-x 1 root root 188588 2010-07-12 12:17 sid-msg.map<br>-rw-r--r-- 1 root root 12413 2010-06-16 10:52 suricata.yaml<br><br><br>See you tomorrow, i'll try to install BASE.<br>
<br>Cheers.<br><span style="color: rgb(192, 192, 192);">A.</span><br><br><br><div class="gmail_quote">2010/7/12 Brant Wells <span dir="ltr"><<a href="mailto:bwells@tfc.edu">bwells@tfc.edu</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
What files are in your /etc/suricata directory?<div><br></div><div><font color="#888888">~Brant</font><div><div></div><div class="h5"><br><br><div class="gmail_quote">On Mon, Jul 12, 2010 at 9:15 AM, Anas.B <span dir="ltr"><<a href="mailto:a.bouhsaina@gmail.com" target="_blank">a.bouhsaina@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div dir="ltr">Yes, I have just reapeted the operation.<br><br><span style="color: rgb(102, 0, 0);"><span style="color: rgb(0, 0, 0);">That's
what i did</span><br><b style="color: rgb(255, 0, 0);"><br>and <br><br>root@ubuntu:/usr/local/barnyard2-1.8#
make</b><br style="color: rgb(0, 0, 0);">
<span style="color: rgb(0, 0, 0);">I had like these errors :</span><br>make[2]:
Entering directory `/usr/local/barnyard2-1.8/etc'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]:
Nothing to be done for `all'.</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Leaving directory
`/usr/local/barnyard2-1.8/etc'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">Making all in doc</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Entering directory
`/usr/local/barnyard2-1.8/doc'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Nothing to be done for `all'.</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Leaving directory
`/usr/local/barnyard2-1.8/doc'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">Making all in rpm</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Entering directory
`/usr/local/barnyard2-1.8/rpm'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Nothing to be done for `all'.</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Leaving directory
`/usr/local/barnyard2-1.8/rpm'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">Making all in schemas</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Entering directory
`/usr/local/barnyard2-1.8/schemas'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Nothing to be
done for `all'.</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Leaving directory
`/usr/local/barnyard2-1.8/schemas'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">Making all in m4</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Entering directory
`/usr/local/barnyard2-1.8/m4'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Nothing to be done for `all'.</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Leaving directory
`/usr/local/barnyard2-1.8/m4'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Entering directory
`/usr/local/barnyard2-1.8'</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Leaving directory
`/usr/local/barnyard2-1.8'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[1]: Leaving directory
`/usr/local/barnyard2-1.8'</span><br>
<br><br>and <b style="color: rgb(255, 0, 0);">#make install</b><br><br><span style="color: rgb(102, 0, 0);"><span style="color: rgb(0, 0, 0);">I
had like these errors :</span></span><br><br><span style="color: rgb(102, 0, 0);">Making install in schemas</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[1]: Entering directory
`/usr/local/barnyard2-1.8/schemas'</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Entering directory
`/usr/local/barnyard2-1.8/schemas'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Nothing to be
done for `install-exec-am'.</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Nothing to be done for
`install-data-am'.</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Leaving directory
`/usr/local/barnyard2-1.8/schemas'</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[1]: Leaving directory
`/usr/local/barnyard2-1.8/schemas'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">Making install in m4</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[1]: Entering directory
`/usr/local/barnyard2-1.8/m4'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Entering directory
`/usr/local/barnyard2-1.8/m4'</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Nothing to be done for
`install-exec-am'.</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Nothing to be done for
`install-data-am'.</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Leaving directory
`/usr/local/barnyard2-1.8/m4'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[1]: Leaving directory
`/usr/local/barnyard2-1.8/m4'</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[1]: Entering directory
`/usr/local/barnyard2-1.8'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Entering directory
`/usr/local/barnyard2-1.8'</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Nothing to be done for
`install-exec-am'.</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[2]: Nothing to be done for
`install-data-am'.</span><br style="color: rgb(102, 0, 0);">
<span style="color: rgb(102, 0, 0);">make[2]: Leaving directory
`/usr/local/barnyard2-1.8'</span><br style="color: rgb(102, 0, 0);"><span style="color: rgb(102, 0, 0);">make[1]: Leaving directory
`/usr/local/barnyard2-1.8'</span><br>
<br><br><br><br><div class="gmail_quote">2010/7/12 Brant Wells <span dir="ltr"><<a href="mailto:bwells@tfc.edu" target="_blank">bwells@tfc.edu</a>></span><div><div></div><div><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Did you compile Barnyard2 yourself?<div><br></div><div>You should make sure to...</div><div><br></div><div>./configure --with-mysql </div><div><br></div><div>when you build Barnyard 2... and make sure that reference.config, gen-msg.map and sid-msg.map have all been copied into /etc/suricata!</div>
<div><br></div><div>Let me know what happens!<br><font color="#888888">~Brant</font></div><div><div></div><div><div><br></div><div><br><div class="gmail_quote">On Mon, Jul 12, 2010 at 6:11 AM, Anas.B <span dir="ltr"><<a href="mailto:a.bouhsaina@gmail.com" target="_blank">a.bouhsaina@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div dir="ltr"><font size="1"><font size="2">I have just the database's name as "snort".<br>
<br>still this error :<br>
<br></font><div>--== Initializing Barnyard2 ==--<br>Initializing Input Plugins!<br>Initializing Output Plugins!<br>
Parsing config file "/etc/suricata/barnyard2.conf"<br><span style="color: rgb(255, 0, 0);">ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No such file or directory)</span><br style="color: rgb(255, 0, 0);">
</div><span style="color: rgb(255, 0, 0);">ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No such file or directory</span><br style="color: rgb(255, 0, 0);"><span style="color: rgb(255, 0, 0);">ERROR: Unable to open SID file '/etc/suricata/sid-msg.map' (No such file or directory)</span><div>
<br>
Log directory = /var/log/barnyard2<br>database: 'mysql' support is not compiled into this build of snort<br><br>ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,<br>or Windows), then check for alternate builds that contains the necessary<br>
'mysql' support.<br><br>If this build of snort was compiled by you, then re-run the<br>the ./configure script using the '--with-mysql' switch.<br>For non-standard installations of a database, the '--with-mysql=DIR'<br>
syntax may need to be used to specify the base directory of the DB install.<br><br>See the database documentation for cursory details (doc/README.database).<br>and the URL to the most recent database plugin documentation.<br>
Fatal Error, Quitting..</div></font><br><br>we don't have these files in Suricata :<br><font style="color: rgb(102, 0, 0);" size="2"><div>'/etc/suricata/reference.config'
(No such file or directory)<br></div>
ERROR: Unable to open Generator
file "/etc/suricata/gen-msg.map": No such file or directory<br>
ERROR: Unable to open SID file
'/etc/suricata/sid-msg.map'</font><br>!!!<br><br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div dir="ltr">
<div class="gmail_quote"><div><div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
<br>
Selon "Anas.B" <<a href="mailto:a.bouhsaina@gmail.com" target="_blank">a.bouhsaina@gmail.com</a>>:<br>
<br>
> *Help me, please !*<div><div></div><div><br>
<div><div>><br>
> 2010/7/9 Anas.B <<a href="mailto:a.bouhsaina@gmail.com" target="_blank">a.bouhsaina@gmail.com</a>><br>
><br>
> > Hello,<br>
> > Back :)<br>
> ><br>
> > Compiling Barnyard, I had this Error :<br>
> ><br>
> > --== Initializing Barnyard2 ==--<br>
> > Initializing Input Plugins!<br>
> > Initializing Output Plugins!<br>
> > Parsing config file "/etc/suricata/barnyard2.conf"<br>
> > ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No<br>
> > such file or directory)<br>
> > ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file<br>
> > or directory<br>
> > ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or<br>
> > directory)<br>
> > Log directory = /var/log/barnyard2<br>
> > database: 'mysql' support is not compiled into this build of snort<br>
> ><br>
> > ERROR: If this build of snort was obtained as a binary distribution (e.g.,<br>
> > rpm,<br>
> > or Windows), then check for alternate builds that contains the necessary<br>
> > 'mysql' support.<br>
> ><br>
> > If this build of snort was compiled by you, then re-run the<br>
> > the ./configure script using the '--with-mysql' switch.<br>
> > For non-standard installations of a database, the '--with-mysql=DIR'<br>
> > syntax may need to be used to specify the base directory of the DB install.<br>
> ><br>
> > See the database documentation for cursory details (doc/README.database).<br>
> > and the URL to the most recent database plugin documentation.<br>
> > Fatal Error, Quitting..<br>
> ><br>
> ><br>
> > Remind that in barnyard.conf we have :<br>
> > # set the appropriate paths to the file(s) your Snort process is using.<br>
> > #<br>
> > *config reference_file: /etc/suricata/reference.config*<br>
> > config classification_file: /etc/suricata/classification.config<br>
> > *config gen_file: /etc/snort/gen-msg.map<br>
> > config sid_file: /etc/snort/sid-msg.map*<br>
> ><br>
> > We don't have these files in suricata ! so how should i react !!!??<br>
> ><br>
> > best regards!<br>
> > A..<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > 2010/7/8 Anas.B <<a href="mailto:a.bouhsaina@gmail.com" target="_blank">a.bouhsaina@gmail.com</a>><br>
> ><br>
> > Ah, I had a doubt about it,<br>
> >><br>
> >> Thank you, I will retry and tell u, results :)<br>
> >><br>
> >><br>
> >> Cheers.<br>
> >><br>
> >> Anas<br>
> >><br>
> >> 2010/7/8 Brant Wells <<a href="mailto:bwells@tfc.edu" target="_blank">bwells@tfc.edu</a>><br>
> >><br>
> >> The Barnyard download should have come with an example file in the<br>
> >>> download.... Inside of the download's folder, there is a barnyard.conf<br>
> file<br>
> >>> in ./etc -- I usually copy this to /etc/suricata/barnyard.conf and then<br>
> >>> modify as needed.<br>
> >>><br>
> >>> See Yas!<br>
> >>> ~Brant<br>
> >>><br>
> >>><br>
> >>> On Thu, Jul 8, 2010 at 9:57 AM, Anas.B <<a href="mailto:a.bouhsaina@gmail.com" target="_blank">a.bouhsaina@gmail.com</a>> wrote:<br>
> >>><br>
> >>>> Hi Will,<br>
> >>>><br>
> >>>> I've dowlnloaded barnyard-0.2.0, but i didn't find "barnyard2.conf"<br>
> >>>><br>
> >>>> in Suricata.yaml,<br>
> >>>> we have already :<br>
> >>>><br>
> >>>><br>
> >>>> - unified-log:<br>
> >>>> enabled: yes<br>
> >>>> filename: unified.log<br>
> >>>><br>
> >>>> # Limit in MB.<br>
> >>>> #limit: 32<br>
> >>>><br>
> >>>><br>
> >>>> - unified-alert:<br>
> >>>> enabled: yes<br>
> >>>> filename: unified.alert<br>
> >>>><br>
> >>>> # Limit in MB.<br>
> >>>> #limit: 32<br>
> >>>><br>
> >>>> - unified2-alert:<br>
> >>>> enabled: yes<br>
> >>>><br>
> >>>><br>
> >>>> filename: unified2.alert<br>
> >>>><br>
> >>>> but how could we link between Suricata log folder and barnyard. ?<br>
> >>>> help me please.<br>
> >>>><br>
> >>>> Regards.<br>
> >>>><br>
> >>>> Anas<br>
> >>>><br>
> >>>><br>
> >>>> 2010/7/8 Will Metcalf <<a href="mailto:william.metcalf@gmail.com" target="_blank">william.metcalf@gmail.com</a>><br>
> >>>><br>
> >>>> unified1 logs are disabled by default have you enabled them in your<br>
> >>>>> suricata.yaml file? Also you need to change the -f snort.log to be -f<br>
> >>>>> unified.log. As as an fyi you should look at unified2/barnyard2 if you<br>
> >>>>> are doing a fresh install.<br>
> >>>>><br>
> >>>>> - unified-log:<br>
> >>>>> enabled: yes<br>
> >>>>> filename: unified.log<br>
> >>>>><br>
> >>>>> - unified-alert:<br>
> >>>>> enabled: yes<br>
> >>>>> filename: unified.alert<br>
> >>>>><br>
> >>>>> Regards,<br>
> >>>>><br>
> >>>>> Will<br>
> >>>>> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <<a href="mailto:a.bouhsaina@gmail.com" target="_blank">a.bouhsaina@gmail.com</a>> wrote:<br>
> >>>>> > Hello everyone,<br>
> >>>>> ><br>
> >>>>> > I've installed mysql, created the database, with snort shemas<br>
> >>>>> (tables),,<br>
> >>>>> > also Barnyard,<br>
> >>>>> ><br>
> >>>>> ><br>
> >>>>> > in barnyard.conf :<br>
> >>>>> > I've replaced these lines :<br>
> >>>>> ><br>
> >>>>> > config hostname: debian<br>
> >>>>> > config interface: eth0<br>
> >>>>> > output log_acid_db: mysql, database snort, server localhost, user<br>
> >>>>> root,<br>
> >>>>> > password mysnortpassword, detail full<br>
> >>>>> ><br>
> >>>>> > But to launch Barnyard<br>
> >>>>> > I changed the command (snort) from this :<br>
> >>>>> ><br>
> >>>>> > # /usr/local/bin/barnyard \<br>
> >>>>> > -c /etc/snort/barnyard.conf \<br>
> >>>>> > -g /etc/snort/gen-msg.map \<br>
> >>>>> > -s /etc/snort/sid-msg.map \<br>
> >>>>> > -d /var/log/snort \<br>
> >>>>> > -f snort.log \<br>
> >>>>> > -w /etc/snort/barnyard.waldo &<br>
> >>>>> ><br>
> >>>>> > to this<br>
> >>>>> ><br>
> >>>>> > # /usr/local/bin/barnyard -c /etc/suricata/barnyard.conf -d<br>
> >>>>> > /var/log/suricata &<br>
> >>>>> ><br>
> >>>>> > But it dosen't work :s<br>
> >>>>> ><br>
> >>>>> > Can u help me,<br>
> >>>>> ><br>
> >>>>> > Regards.<br>
> >>>>> > Anas<br>
> >>>>> ><br>
> >>>>> > _______________________________________________<br>
> >>>>> > Oisf-users mailing list<br>
> >>>>> > <a href="mailto:Oisf-users@openinfosecfoundation.org" target="_blank">Oisf-users@openinfosecfoundation.org</a><br>
> >>>>> > <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
> >>>>> ><br>
> >>>>> ><br>
> >>>>><br>
> >>>><br>
> >>>><br>
> >>>> _______________________________________________<br>
> >>>> Oisf-users mailing list<br>
> >>>> <a href="mailto:Oisf-users@openinfosecfoundation.org" target="_blank">Oisf-users@openinfosecfoundation.org</a><br>
> >>>> <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
> >>>><br>
> >>>><br>
> >>><br>
> >><br>
> ><br>
><br>
<br>
<br>
</div></div></div></div></blockquote></div></div></div><br></div>
</blockquote><br></div><br></div>
<br>_______________________________________________<br>
Oisf-users mailing list<br>
<a href="mailto:Oisf-users@openinfosecfoundation.org" target="_blank">Oisf-users@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div></div></div><br></div>
<br>_______________________________________________<br>
Oisf-users mailing list<br>
<a href="mailto:Oisf-users@openinfosecfoundation.org" target="_blank">Oisf-users@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br></blockquote></div><br></div></div></div>
</blockquote></div><br></div>