[Oisf-users] Suri-GUI

Anas.B a.bouhsaina at gmail.com
Fri Jul 9 12:13:50 UTC 2010


Hello,
Back :)

Compiling Barnyard, I had this error:

--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/suricata/barnyard2.conf"
ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No
such file or directory)
ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file
or directory
ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or
directory)
Log directory = /var/log/barnyard2
database: 'mysql' support is not compiled into this build of snort

ERROR: If this build of snort was obtained as a binary distribution (e.g.,
rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.

If this build of snort was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..


Remember that in barnyard.conf we have:
# set the appropriate paths to the file(s) your Snort process is using.
#
config reference_file:        /etc/suricata/reference.config
config classification_file: /etc/suricata/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

We don't have these files in Suricata! So how should I react?!

best regards!
A..
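As an added example (not code from this thread, nor from Barnyard or Suricata), a small Python preflight that parses the `config <key>: <path>` and `output <plugin>: <args>` lines quoted above, reports which referenced map/config files cannot be opened, and names the database backend the barnyard binary must have been built with. The sample configuration and the list of compiled-in backends are assumptions modelled on the thread.

```python
import os
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample modelled on the barnyard.conf lines quoted in the thread.
SAMPLE_CONF = """\
# set the appropriate paths to the file(s) your Snort process is using.
config reference_file:      /etc/suricata/reference.config
config classification_file: /etc/suricata/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
output log_acid_db: mysql, database snort, server localhost, user root, password secret, detail full
"""

CONFIG_RE = re.compile(r"^config\s+(\w+)\s*:\s*(\S+)")
OUTPUT_RE = re.compile(r"^output\s+(\w+)\s*:\s*(.*)$")
# config keys whose value barnyard opens at startup (the files the thread's errors name)
FILE_KEYS = ("reference_file", "classification_file", "gen_file", "sid_file")
# backends that only work when compiled in; assumption: matched by bare token name
COMPILED_IN_BACKENDS = ("mysql",)

def parse_barnyard_conf(text: str) -> Tuple[Dict[str, str], List[Tuple[str, List[str]]]]:
    """Return (config key->value, [(output plugin, [comma-separated args])]); '#' starts a comment."""
    config: Dict[str, str] = {}
    outputs: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = CONFIG_RE.match(line)
        if m:
            config[m.group(1)] = m.group(2)
            continue
        m = OUTPUT_RE.match(line)
        if m:
            outputs.append((m.group(1), [a.strip() for a in m.group(2).split(",") if a.strip()]))
    return config, outputs

def missing_files(config: Dict[str, str], exists: Callable[[str], bool] = os.path.isfile) -> List[str]:
    """Paths from FILE_KEYS that cannot be opened; `exists` is injectable so a check can run off-box."""
    return [config[k] for k in FILE_KEYS if k in config and not exists(config[k])]

def required_backends(outputs: List[Tuple[str, List[str]]]) -> List[str]:
    """Database backends named in output lines; each needs the matching --with-<backend> build flag."""
    return [a for _, args in outputs for a in args if a in COMPILED_IN_BACKENDS]

def check_conf(text: str, exists: Callable[[str], bool] = os.path.isfile) -> Dict[str, List[str]]:
    """Preflight: what barnyard would fail to open, and which DB support the binary must include."""
    config, outputs = parse_barnyard_conf(text)
    return {"missing_files": missing_files(config, exists), "required_backends": required_backends(outputs)}

if __name__ == "__main__":
    # Simulate the thread's host, where only classification.config exists.
    print(check_conf(SAMPLE_CONF, lambda p: p.endswith("classification.config")))
```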




2010/7/8 Anas.B <a.bouhsaina at gmail.com>

> Ah, I had a doubt about it,
>
> Thank you, I will retry and tell you the results :)
>
>
> Cheers.
>
> Anas
>
> 2010/7/8 Brant Wells <bwells at tfc.edu>
>
>> The Barnyard download should have come with an example file in the
>> download....  Inside of the download's folder, there is a barnyard.conf file
>> in ./etc  -- I usually copy this to /etc/suricata/barnyard.conf and then
>> modify as needed.
>>
>> See Yas!
>> ~Brant
>>
>>
>> On Thu, Jul 8, 2010 at 9:57 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>
>>> Hi Will,
>>>
>>> I've downloaded barnyard-0.2.0, but I didn't find "barnyard2.conf"
>>>
>>> In suricata.yaml we already have:
>>>
>>>
>>>   - unified-log:
>>>       enabled: yes
>>>       filename: unified.log
>>>
>>>       # Limit in MB.
>>>       #limit: 32
>>>
>>>
>>>   - unified-alert:
>>>       enabled: yes
>>>       filename: unified.alert
>>>
>>>       # Limit in MB.
>>>       #limit: 32
>>>
>>>   - unified2-alert:
>>>       enabled: yes
>>>
>>>
>>>       filename: unified2.alert
>>>
>>> But how could we link the Suricata log folder and barnyard?
>>> Help me please.
>>>
>>> Regards.
>>>
>>> Anas
>>>
>>>
>>> 2010/7/8 Will Metcalf <william.metcalf at gmail.com>
>>>
>>>> unified1 logs are disabled by default; have you enabled them in your
>>>> suricata.yaml file?  Also you need to change the -f snort.log to be -f
>>>> unified.log. As an FYI, you should look at unified2/barnyard2 if you
>>>> are doing a fresh install.
>>>>
>>>>  - unified-log:
>>>>      enabled: yes
>>>>      filename: unified.log
>>>>
>>>>  - unified-alert:
>>>>      enabled: yes
>>>>      filename: unified.alert
>>>>
>>>> Regards,
>>>>
>>>> Will
>>>> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>>> > Hello everyone,
>>>> >
>>>> > I've installed mysql, created the database with snort schemas
>>>> (tables),
>>>> > also Barnyard,
>>>> >
>>>> >
>>>> > in barnyard.conf :
>>>> > I've replaced these lines :
>>>> >
>>>> > config hostname: debian
>>>> > config interface: eth0
>>>> > output log_acid_db: mysql, database snort, server localhost, user
>>>> root,
>>>> > password mysnortpassword, detail full
>>>> >
>>>> > But to launch Barnyard
>>>> > I changed the command (snort) from this :
>>>> >
>>>> > # /usr/local/bin/barnyard \
>>>> > -c /etc/snort/barnyard.conf \
>>>> > -g /etc/snort/gen-msg.map \
>>>> > -s /etc/snort/sid-msg.map \
>>>> > -d /var/log/snort \
>>>> > -f snort.log \
>>>> > -w /etc/snort/barnyard.waldo &
>>>> >
>>>> > to this
>>>> >
>>>> > # /usr/local/bin/barnyard  -c /etc/suricata/barnyard.conf -d
>>>> > /var/log/suricata &
>>>> >
>>>> > But it doesn't work :s
>>>> >
>>>> > Can u help me,
>>>> >
>>>> > Regards.
>>>> > Anas
>>>> >
>>>> > _______________________________________________
>>>> > Oisf-users mailing list
>>>> > Oisf-users at openinfosecfoundation.org
>>>> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>> >
>>>> >
>>>>
>>>
>>>
>>>
>>>
>>
>