[Oisf-users] Suri-GUI

Anas.B a.bouhsaina at gmail.com
Mon Jul 12 10:11:07 UTC 2010 

I have just the database's name as "snort".

still this error :

--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/suricata/barnyard2.conf"
ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No
such file or directory)
ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No such
file or directory
ERROR: Unable to open SID file '/etc/suricata/sid-msg.map' (No such file or
directory)
Log directory = /var/log/barnyard2
database: 'mysql' support is not compiled into this build of snort

ERROR: If this build of snort was obtained as a binary distribution (e.g.,
rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.

If this build of snort was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..

we don't have these files in Suricata :
'/etc/suricata/reference.config' (No such file or directory)
ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No such
file or directory
ERROR: Unable to open SID file '/etc/suricata/sid-msg.map'
!!!



>>
>> Selon "Anas.B" <a.bouhsaina at gmail.com>:
>>
>> > *Help me, please !*
>> >
>> > 2010/7/9 Anas.B <a.bouhsaina at gmail.com>
>> >
>> > > Hello,
>> > > Back :)
>> > >
>> > > Compiling Barnyard, I had this Error :
>> > >
>> > > --== Initializing Barnyard2 ==--
>> > > Initializing Input Plugins!
>> > > Initializing Output Plugins!
>> > > Parsing config file "/etc/suricata/barnyard2.conf"
>> > > ERROR: Unable to open Reference file '/etc/suricata/reference.config'
>> (No
>> > > such file or directory)
>> > > ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such
>> file
>> > > or directory
>> > > ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file
>> or
>> > > directory)
>> > > Log directory = /var/log/barnyard2
>> > > database: 'mysql' support is not compiled into this build of snort
>> > >
>> > > ERROR: If this build of snort was obtained as a binary distribution
>> (e.g.,
>> > > rpm,
>> > > or Windows), then check for alternate builds that contains the
>> necessary
>> > > 'mysql' support.
>> > >
>> > > If this build of snort was compiled by you, then re-run the
>> > > the ./configure script using the '--with-mysql' switch.
>> > > For non-standard installations of a database, the '--with-mysql=DIR'
>> > > syntax may need to be used to specify the base directory of the DB
>> install.
>> > >
>> > > See the database documentation for cursory details
>> (doc/README.database).
>> > > and the URL to the most recent database plugin documentation.
>> > > Fatal Error, Quitting..
>> > >
>> > >
>> > > Remind that in barnyard.conf we have :
>> > > # set the appropriate paths to the file(s) your Snort process is
>> using.
>> > > #
>> > > *config reference_file:        /etc/suricata/reference.config*
>> > > config classification_file: /etc/suricata/classification.config
>> > > *config gen_file:            /etc/snort/gen-msg.map
>> > > config sid_file:            /etc/snort/sid-msg.map*
>> > >
>> > > We don't have these files in suricata ! so how should i react !!!??
>> > >
>> > > best regards!
>> > > A..
>> > >
>> > >
>> > >
>> > >
>> > > 2010/7/8 Anas.B <a.bouhsaina at gmail.com>
>> > >
>> > > Ah, I had a doubt about it,
>> > >>
>> > >> Thank you, I will retry and tell u, results :)
>> > >>
>> > >>
>> > >> Cheers.
>> > >>
>> > >> Anas
>> > >>
>> > >> 2010/7/8 Brant Wells <bwells at tfc.edu>
>> > >>
>> > >> The Barnyard download should have come with an example file in the
>> > >>> download....  Inside of the download's folder, there is a
>> barnyard.conf
>> > file
>> > >>> in ./etc  -- I usually copy this to /etc/suricata/barnyard.conf and
>> then
>> > >>> modify as needed.
>> > >>>
>> > >>> See Yas!
>> > >>> ~Brant
>> > >>>
>> > >>>
>> > >>> On Thu, Jul 8, 2010 at 9:57 AM, Anas.B <a.bouhsaina at gmail.com>
>> wrote:
>> > >>>
>> > >>>> Hi Will,
>> > >>>>
>> > >>>> I've dowlnloaded barnyard-0.2.0, but i didn't find "barnyard2.conf"
>> > >>>>
>> > >>>> in Suricata.yaml,
>> > >>>> we have already :
>> > >>>>
>> > >>>>
>> > >>>>   - unified-log:
>> > >>>>       enabled: yes
>> > >>>>       filename: unified.log
>> > >>>>
>> > >>>>       # Limit in MB.
>> > >>>>       #limit: 32
>> > >>>>
>> > >>>>
>> > >>>>   - unified-alert:
>> > >>>>       enabled: yes
>> > >>>>       filename: unified.alert
>> > >>>>
>> > >>>>       # Limit in MB.
>> > >>>>       #limit: 32
>> > >>>>
>> > >>>>   - unified2-alert:
>> > >>>>       enabled: yes
>> > >>>>
>> > >>>>
>> > >>>>       filename: unified2.alert
>> > >>>>
>> > >>>> but how could we link between Suricata log folder and barnyard. ?
>> > >>>> help me please.
>> > >>>>
>> > >>>> Regards.
>> > >>>>
>> > >>>> Anas
>> > >>>>
>> > >>>>
>> > >>>> 2010/7/8 Will Metcalf <william.metcalf at gmail.com>
>> > >>>>
>> > >>>> unified1 logs are disabled by default have you enabled them in your
>> > >>>>> suricata.yaml file?  Also you need to change the -f snort.log to
>> be -f
>> > >>>>> unified.log. As as an fyi you should look at unified2/barnyard2 if
>> you
>> > >>>>> are doing a fresh install.
>> > >>>>>
>> > >>>>>  - unified-log:
>> > >>>>>      enabled: yes
>> > >>>>>      filename: unified.log
>> > >>>>>
>> > >>>>>  - unified-alert:
>> > >>>>>      enabled: yes
>> > >>>>>      filename: unified.alert
>> > >>>>>
>> > >>>>> Regards,
>> > >>>>>
>> > >>>>> Will
>> > >>>>> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <a.bouhsaina at gmail.com>
>> wrote:
>> > >>>>> > Hello everyone,
>> > >>>>> >
>> > >>>>> > I've installed mysql, created the database, with snort shemas
>> > >>>>> (tables),,
>> > >>>>> > also Barnyard,
>> > >>>>> >
>> > >>>>> >
>> > >>>>> > in barnyard.conf :
>> > >>>>> > I've replaced these lines :
>> > >>>>> >
>> > >>>>> > config hostname: debian
>> > >>>>> > config interface: eth0
>> > >>>>> > output log_acid_db: mysql, database snort, server localhost,
>> user
>> > >>>>> root,
>> > >>>>> > password mysnortpassword, detail full
>> > >>>>> >
>> > >>>>> > But to launch Barnyard
>> > >>>>> > I changed the command (snort) from this :
>> > >>>>> >
>> > >>>>> > # /usr/local/bin/barnyard \
>> > >>>>> > -c /etc/snort/barnyard.conf \
>> > >>>>> > -g /etc/snort/gen-msg.map \
>> > >>>>> > -s /etc/snort/sid-msg.map \
>> > >>>>> > -d /var/log/snort \
>> > >>>>> > -f snort.log \
>> > >>>>> > -w /etc/snort/barnyard.waldo &
>> > >>>>> >
>> > >>>>> > to this
>> > >>>>> >
>> > >>>>> > # /usr/local/bin/barnyard  -c /etc/suricata/barnyard.conf -d
>> > >>>>> > /var/log/suricata &
>> > >>>>> >
>> > >>>>> > But it dosen't work :s
>> > >>>>> >
>> > >>>>> > Can u help me,
>> > >>>>> >
>> > >>>>> > Regards.
>> > >>>>> > Anas
>> > >>>>> >
>> > >>>>> > _______________________________________________
>> > >>>>> > Oisf-users mailing list
>> > >>>>> > Oisf-users at openinfosecfoundation.org
>> > >>>>> >
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> > >>>>> >
>> > >>>>> >
>> > >>>>>
>> > >>>>
>> > >>>>
>> > >>>> _______________________________________________
>> > >>>> Oisf-users mailing list
>> > >>>> Oisf-users at openinfosecfoundation.org
>> > >>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> > >>>>
>> > >>>>
>> > >>>
>> > >>
>> > >
>> >
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20100712/1bf26f2d/attachment-0002.html>

More information about the Oisf-users mailing list