[Oisf-users] Suri-GUI
Will Metcalf
william.metcalf at gmail.com
Mon Jul 12 14:23:07 UTC 2010
You have to run make clean before rerunning ./configure
Regards,
Will
Sent from my iPhone
On Jul 12, 2010, at 8:15 AM, "Anas.B" <a.bouhsaina at gmail.com> wrote:
> Yes, I have just repeated the operation.
>
> That's what I did
>
> and
>
> root at ubuntu:/usr/local/barnyard2-1.8# make
> I had errors like these:
> make[2]: Entering directory `/usr/local/barnyard2-1.8/etc'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory `/usr/local/barnyard2-1.8/etc'
> Making all in doc
> make[2]: Entering directory `/usr/local/barnyard2-1.8/doc'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory `/usr/local/barnyard2-1.8/doc'
> Making all in rpm
> make[2]: Entering directory `/usr/local/barnyard2-1.8/rpm'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory `/usr/local/barnyard2-1.8/rpm'
> Making all in schemas
> make[2]: Entering directory `/usr/local/barnyard2-1.8/schemas'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
> Making all in m4
> make[2]: Entering directory `/usr/local/barnyard2-1.8/m4'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory `/usr/local/barnyard2-1.8/m4'
> make[2]: Entering directory `/usr/local/barnyard2-1.8'
> make[2]: Leaving directory `/usr/local/barnyard2-1.8'
> make[1]: Leaving directory `/usr/local/barnyard2-1.8'
>
>
> and #make install
>
> I had errors like these:
>
> Making install in schemas
> make[1]: Entering directory `/usr/local/barnyard2-1.8/schemas'
> make[2]: Entering directory `/usr/local/barnyard2-1.8/schemas'
> make[2]: Nothing to be done for `install-exec-am'.
> make[2]: Nothing to be done for `install-data-am'.
> make[2]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
> make[1]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
> Making install in m4
> make[1]: Entering directory `/usr/local/barnyard2-1.8/m4'
> make[2]: Entering directory `/usr/local/barnyard2-1.8/m4'
> make[2]: Nothing to be done for `install-exec-am'.
> make[2]: Nothing to be done for `install-data-am'.
> make[2]: Leaving directory `/usr/local/barnyard2-1.8/m4'
> make[1]: Leaving directory `/usr/local/barnyard2-1.8/m4'
> make[1]: Entering directory `/usr/local/barnyard2-1.8'
> make[2]: Entering directory `/usr/local/barnyard2-1.8'
> make[2]: Nothing to be done for `install-exec-am'.
> make[2]: Nothing to be done for `install-data-am'.
> make[2]: Leaving directory `/usr/local/barnyard2-1.8'
> make[1]: Leaving directory `/usr/local/barnyard2-1.8'
>
>
>
>
> 2010/7/12 Brant Wells <bwells at tfc.edu>
> Did you compile Barnyard2 yourself?
>
> You should make sure to...
>
> ./configure --with-mysql
>
> when you build Barnyard 2... and make sure that reference.config, gen-msg.map and sid-msg.map have all been copied into /etc/suricata!
>
> Let me know what happens!
> ~Brant
>
>
> On Mon, Jul 12, 2010 at 6:11 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
> I have just the database's name as "snort".
>
> Still this error:
>
> --== Initializing Barnyard2 ==--
> Initializing Input Plugins!
> Initializing Output Plugins!
> Parsing config file "/etc/suricata/barnyard2.conf"
> ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No such file or directory)
> ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No such file or directory
> ERROR: Unable to open SID file '/etc/suricata/sid-msg.map' (No such file or directory)
>
> Log directory = /var/log/barnyard2
> database: 'mysql' support is not compiled into this build of snort
>
> ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
> or Windows), then check for alternate builds that contains the necessary
> 'mysql' support.
>
> If this build of snort was compiled by you, then re-run the
> the ./configure script using the '--with-mysql' switch.
> For non-standard installations of a database, the '--with-mysql=DIR'
> syntax may need to be used to specify the base directory of the DB install.
>
> See the database documentation for cursory details (doc/README.database).
> and the URL to the most recent database plugin documentation.
> Fatal Error, Quitting..
>
>
> We don't have these files in Suricata:
> '/etc/suricata/reference.config' (No such file or directory)
> ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No such file or directory
> ERROR: Unable to open SID file '/etc/suricata/sid-msg.map'
> !!!
>
>
>
>
> Selon "Anas.B" <a.bouhsaina at gmail.com>:
>
> > *Help me, please!*
>
> >
> > 2010/7/9 Anas.B <a.bouhsaina at gmail.com>
> >
> > > Hello,
> > > Back :)
> > >
> > > Compiling Barnyard, I had this Error :
> > >
> > > --== Initializing Barnyard2 ==--
> > > Initializing Input Plugins!
> > > Initializing Output Plugins!
> > > Parsing config file "/etc/suricata/barnyard2.conf"
> > > ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No such file or directory)
> > > ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file or directory
> > > ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or directory)
> > > Log directory = /var/log/barnyard2
> > > database: 'mysql' support is not compiled into this build of snort
> > >
> > > ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
> > > or Windows), then check for alternate builds that contains the necessary
> > > 'mysql' support.
> > >
> > > If this build of snort was compiled by you, then re-run the
> > > the ./configure script using the '--with-mysql' switch.
> > > For non-standard installations of a database, the '--with-mysql=DIR'
> > > syntax may need to be used to specify the base directory of the DB install.
> > >
> > > See the database documentation for cursory details (doc/README.database).
> > > and the URL to the most recent database plugin documentation.
> > > Fatal Error, Quitting..
> > >
> > >
> > > Remember that in barnyard.conf we have:
> > > # set the appropriate paths to the file(s) your Snort process is using.
> > > #
> > > *config reference_file: /etc/suricata/reference.config*
> > > config classification_file: /etc/suricata/classification.config
> > > *config gen_file: /etc/snort/gen-msg.map
> > > config sid_file: /etc/snort/sid-msg.map*
> > >
> > > We don't have these files in Suricata! So how should I react?!
> > >
> > > best regards!
> > > A..
> > >
> > >
> > >
> > >
> > > 2010/7/8 Anas.B <a.bouhsaina at gmail.com>
> > >
> > >> Ah, I had a doubt about it,
> > >>
> > >> Thank you, I will retry and tell you the results :)
> > >>
> > >>
> > >> Cheers.
> > >>
> > >> Anas
> > >>
> > >> 2010/7/8 Brant Wells <bwells at tfc.edu>
> > >>
> > >>> The Barnyard download should have come with an example file in the
> > >>> download.... Inside of the download's folder, there is a barnyard.conf file
> > >>> in ./etc -- I usually copy this to /etc/suricata/barnyard.conf and then
> > >>> modify as needed.
> > >>>
> > >>> See Yas!
> > >>> ~Brant
> > >>>
> > >>>
> > >>> On Thu, Jul 8, 2010 at 9:57 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
> > >>>
> > >>>> Hi Will,
> > >>>>
> > >>>> I've downloaded barnyard-0.2.0, but I didn't find "barnyard2.conf"
> > >>>>
> > >>>> In Suricata.yaml,
> > >>>> we already have:
> > >>>>
> > >>>>
> > >>>>   - unified-log:
> > >>>>       enabled: yes
> > >>>>       filename: unified.log
> > >>>>       # Limit in MB.
> > >>>>       #limit: 32
> > >>>>
> > >>>>   - unified-alert:
> > >>>>       enabled: yes
> > >>>>       filename: unified.alert
> > >>>>       # Limit in MB.
> > >>>>       #limit: 32
> > >>>>
> > >>>>   - unified2-alert:
> > >>>>       enabled: yes
> > >>>>       filename: unified2.alert
> > >>>>
> > >>>> But how could we link the Suricata log folder and barnyard?
> > >>>> Help me, please.
> > >>>>
> > >>>> Regards.
> > >>>>
> > >>>> Anas
> > >>>>
> > >>>>
> > >>>> 2010/7/8 Will Metcalf <william.metcalf at gmail.com>
> > >>>>
> > >>>>> Unified1 logs are disabled by default; have you enabled them in your
> > >>>>> suricata.yaml file? Also you need to change the -f snort.log to be -f
> > >>>>> unified.log. As an FYI, you should look at unified2/barnyard2 if you
> > >>>>> are doing a fresh install.
> > >>>>>
> > >>>>>   - unified-log:
> > >>>>>       enabled: yes
> > >>>>>       filename: unified.log
> > >>>>>
> > >>>>>   - unified-alert:
> > >>>>>       enabled: yes
> > >>>>>       filename: unified.alert
> > >>>>>
> > >>>>> Regards,
> > >>>>>
> > >>>>> Will
> > >>>>> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
> > >>>>> > Hello everyone,
> > >>>>> >
> > >>>>> > I've installed mysql, created the database with the snort schemas (tables),
> > >>>>> > and also Barnyard,
> > >>>>> >
> > >>>>> >
> > >>>>> > in barnyard.conf :
> > >>>>> > I've replaced these lines :
> > >>>>> >
> > >>>>> > config hostname: debian
> > >>>>> > config interface: eth0
> > >>>>> > output log_acid_db: mysql, database snort, server localhost, user root, password mysnortpassword, detail full
> > >>>>> >
> > >>>>> > But to launch Barnyard
> > >>>>> > I changed the command (snort) from this :
> > >>>>> >
> > >>>>> > # /usr/local/bin/barnyard \
> > >>>>> > -c /etc/snort/barnyard.conf \
> > >>>>> > -g /etc/snort/gen-msg.map \
> > >>>>> > -s /etc/snort/sid-msg.map \
> > >>>>> > -d /var/log/snort \
> > >>>>> > -f snort.log \
> > >>>>> > -w /etc/snort/barnyard.waldo &
> > >>>>> >
> > >>>>> > to this
> > >>>>> >
> > >>>>> > # /usr/local/bin/barnyard -c /etc/suricata/barnyard.conf -d /var/log/suricata &
> > >>>>> >
> > >>>>> > But it doesn't work :s
> > >>>>> >
> > >>>>> > Can you help me,
> > >>>>> >
> > >>>>> > Regards.
> > >>>>> > Anas
> > >>>>> >
> > >>>>> > _______________________________________________
> > >>>>> > Oisf-users mailing list
> > >>>>> > Oisf-users at openinfosecfoundation.org
> > >>>>> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > >>>>> >
> > >>>>> >
> > >>>>>
> > >>>>
> > >>>
> > >>
> > >
> >
>
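The thread boils down to three things: the map files barnyard2 opens at startup must exist in the configuration directory, the build must be reconfigured with --with-mysql after a make clean, and barnyard2 must be pointed at Suricata's unified2 spool. The script below is an added example written for this archive page; it is not code from the thread, from Suricata or from the barnyard2 project. The function names, the REQUIRED_FILES list (assembled from the "Unable to open" errors quoted above), the barnyard2.waldo path and the idea of copying the map files from a rules directory are assumptions; the ./configure --with-mysql sequence, the -c/-d/-f/-w options and the unified2.alert filename are taken from the messages above.

```shell
#!/bin/sh
# Added example (not from the thread or the barnyard2 project): pre-flight
# check and rebuild helper for the barnyard2 + Suricata setup discussed above.
# Function names, the barnyard2.waldo location and copying map files from a
# rules directory are assumptions.

# Files barnyard2 tries to open at startup. Each "Unable to open ..." error
# quoted in the thread corresponds to one of these being absent.
REQUIRED_FILES="reference.config classification.config gen-msg.map sid-msg.map"

# check_map_files DIR
# Prints every required file missing from DIR on stderr; returns 1 if any is
# missing, 0 if all are readable.
check_map_files() {
    dir=$1
    missing=0
    for f in $REQUIRED_FILES; do
        if [ ! -r "$dir/$f" ]; then
            echo "missing: $dir/$f" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# copy_map_files SRC DST
# Copies the map files from SRC (assumed: wherever your rules came with them)
# into DST, as Brant suggests, without overwriting files already in DST.
# Returns 0 only if DST is complete afterwards.
copy_map_files() {
    src=$1
    dst=$2
    for f in $REQUIRED_FILES; do
        if [ ! -e "$dst/$f" ] && [ -r "$src/$f" ]; then
            cp "$src/$f" "$dst/$f" || return 1
        fi
    done
    check_map_files "$dst"
}

# rebuild_barnyard2 SRCDIR
# The sequence from Will's reply: make clean must run before ./configure is
# repeated, otherwise the result of the earlier configure (without MySQL
# output support, hence "'mysql' support is not compiled into this build")
# is kept.
rebuild_barnyard2() {
    (cd "$1" && make clean && ./configure --with-mysql && make && make install)
}

# start_barnyard2 CONFDIR LOGDIR
# Runs the file check first and only then starts barnyard2 against Suricata's
# unified2 output (filename unified2.alert, from the suricata.yaml excerpt).
# The waldo file (assumed path) records how far the spool has been read so
# nothing is replayed into the database after a restart.
start_barnyard2() {
    confdir=$1
    logdir=$2
    check_map_files "$confdir" || {
        echo "fix the missing files in $confdir before starting barnyard2" >&2
        return 1
    }
    barnyard2 -c "$confdir/barnyard2.conf" \
              -d "$logdir" \
              -f unified2.alert \
              -w "$confdir/barnyard2.waldo"
}

# Usage: sh preflight.sh /etc/suricata /var/log/suricata
if [ "$#" -eq 2 ]; then
    start_barnyard2 "$1" "$2"
fi
```

Running the check before the daemon starts turns the three startup errors in the thread into one clear message naming the missing files, and rebuild_barnyard2 encodes the make clean step so the stale configure result cannot silently survive.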