[Oisf-users] Suri-GUI

Anas.B a.bouhsaina at gmail.com
Sun Jul 11 23:49:49 UTC 2010


*Help me, please !*

2010/7/9 Anas.B <a.bouhsaina at gmail.com>

> Hello,
> Back :)
>
> Compiling Barnyard, I had this Error :
>
> --== Initializing Barnyard2 ==--
> Initializing Input Plugins!
> Initializing Output Plugins!
> Parsing config file "/etc/suricata/barnyard2.conf"
> ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No such file or directory)
> ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file or directory
> ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or directory)
> Log directory = /var/log/barnyard2
> database: 'mysql' support is not compiled into this build of snort
>
> ERROR: If this build of snort was obtained as a binary distribution (e.g.,
> rpm,
> or Windows), then check for alternate builds that contains the necessary
> 'mysql' support.
>
> If this build of snort was compiled by you, then re-run the
> the ./configure script using the '--with-mysql' switch.
> For non-standard installations of a database, the '--with-mysql=DIR'
> syntax may need to be used to specify the base directory of the DB install.
>
> See the database documentation for cursory details (doc/README.database).
> and the URL to the most recent database plugin documentation.
> Fatal Error, Quitting..
>
>
> Remember that in barnyard.conf we have:
> # set the appropriate paths to the file(s) your Snort process is using.
> #
> *config reference_file:        /etc/suricata/reference.config*
> config classification_file: /etc/suricata/classification.config
> *config gen_file:            /etc/snort/gen-msg.map
> config sid_file:            /etc/snort/sid-msg.map*
>
> We don't have these files in suricata! So how should I react!!!??
>
> best regards!
> A..
>
>
>
>
> 2010/7/8 Anas.B <a.bouhsaina at gmail.com>
>
>> Ah, I had a doubt about it,
>>
>> Thank you, I will retry and tell you the results :)
>>
>>
>> Cheers.
>>
>> Anas
>>
>> 2010/7/8 Brant Wells <bwells at tfc.edu>
>>
>>> The Barnyard download should have come with an example file in the
>>> download....  Inside of the download's folder, there is a barnyard.conf file
>>> in ./etc  -- I usually copy this to /etc/suricata/barnyard.conf and then
>>> modify as needed.
>>>
>>> See Yas!
>>> ~Brant
>>>
>>>
>>> On Thu, Jul 8, 2010 at 9:57 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>>
>>>> Hi Will,
>>>>
>>>> I've downloaded barnyard-0.2.0, but I didn't find "barnyard2.conf"
>>>>
>>>> in Suricata.yaml,
>>>> we have already :
>>>>
>>>>
>>>>   - unified-log:
>>>>       enabled: yes
>>>>       filename: unified.log
>>>>
>>>>       # Limit in MB.
>>>>       #limit: 32
>>>>
>>>>
>>>>   - unified-alert:
>>>>       enabled: yes
>>>>       filename: unified.alert
>>>>
>>>>       # Limit in MB.
>>>>       #limit: 32
>>>>
>>>>   - unified2-alert:
>>>>       enabled: yes
>>>>
>>>>
>>>>       filename: unified2.alert
>>>>
>>>> But how could we link the Suricata log folder and barnyard?
>>>> Help me, please.
>>>>
>>>> Regards.
>>>>
>>>> Anas
>>>>
>>>>
>>>> 2010/7/8 Will Metcalf <william.metcalf at gmail.com>
>>>>
>>>>> unified1 logs are disabled by default; have you enabled them in your
>>>>> suricata.yaml file?  Also you need to change the -f snort.log to be -f
>>>>> unified.log. As an FYI, you should look at unified2/barnyard2 if you
>>>>> are doing a fresh install.
>>>>>
>>>>>  - unified-log:
>>>>>      enabled: yes
>>>>>      filename: unified.log
>>>>>
>>>>>  - unified-alert:
>>>>>      enabled: yes
>>>>>      filename: unified.alert
>>>>>
>>>>> Regards,
>>>>>
>>>>> Will
>>>>> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>>>> > Hello everyone,
>>>>> >
>>>>> > I've installed mysql, created the database with snort schemas (tables),
>>>>> > also Barnyard,
>>>>> >
>>>>> >
>>>>> > in barnyard.conf :
>>>>> > I've replaced these lines :
>>>>> >
>>>>> > config hostname: debian
>>>>> > config interface: eth0
>>>>> > output log_acid_db: mysql, database snort, server localhost, user root, password mysnortpassword, detail full
>>>>> >
>>>>> > But to launch Barnyard
>>>>> > I changed the command (snort) from this :
>>>>> >
>>>>> > # /usr/local/bin/barnyard \
>>>>> > -c /etc/snort/barnyard.conf \
>>>>> > -g /etc/snort/gen-msg.map \
>>>>> > -s /etc/snort/sid-msg.map \
>>>>> > -d /var/log/snort \
>>>>> > -f snort.log \
>>>>> > -w /etc/snort/barnyard.waldo &
>>>>> >
>>>>> > to this
>>>>> >
>>>>> > # /usr/local/bin/barnyard  -c /etc/suricata/barnyard.conf -d /var/log/suricata &
>>>>> >
>>>>> > But it doesn't work :s
>>>>> >
>>>>> > Can you help me?
>>>>> >
>>>>> > Regards.
>>>>> > Anas
>>>>> >
>>>>> > _______________________________________________
>>>>> > Oisf-users mailing list
>>>>> > Oisf-users at openinfosecfoundation.org
>>>>> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
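
A pre-flight check for the "Unable to open ... file" errors quoted in the thread, as an added example that is not part of the original messages or of Barnyard2 itself: it lists every file named by a `config ..._file:` directive that cannot be read. The function names, the optional root prefix and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report files referenced by "config <name>_file: <path>"
# directives in a barnyard2-style config that are not readable on disk.

# missing_config_files CONF [ROOT]
# Prints one "<directive> <path>" line per referenced file that is missing.
# ROOT is a hypothetical prefix (used here so the demo runs in a temp dir);
# leave it empty to check the real filesystem.
missing_config_files() {
    conf=$1
    root=${2:-}
    # Drop comments, then keep only the "config <name>_file: <path>" lines.
    sed -e 's/#.*$//' "$conf" |
    awk '$1 == "config" && $2 ~ /_file:$/ && NF >= 3 {
             sub(/:$/, "", $2); print $2, $3 }' |
    while read -r name path; do
        [ -r "$root$path" ] || printf '%s %s\n' "$name" "$path"
    done
}

# Constructed sample: the four directives quoted in the thread, with only
# classification.config present under a temporary root.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/suricata"
    : > "$tmp/etc/suricata/classification.config"
    cat > "$tmp/barnyard2.conf" <<'EOF'
# set the appropriate paths to the file(s) your Snort process is using.
config reference_file:        /etc/suricata/reference.config
config classification_file: /etc/suricata/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config hostname: debian
EOF
    missing_config_files "$tmp/barnyard2.conf" "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real host, call `missing_config_files /etc/suricata/barnyard2.conf` with no second argument before starting the spooler.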