[Oisf-users] Suri-GUI

Anas.B a.bouhsaina at gmail.com
Mon Jul 12 11:47:00 UTC 2010


I've copied the snort files, but now I have this error!!!


--== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/suricata/barnyard2.conf"
Log directory = /var/log/barnyard2
database: 'mysql' support is not compiled into this build of snort

ERROR: If this build of snort was obtained as a binary distribution (e.g.,
rpm,
or Windows), then check for alternate builds that contains the necessary
'mysql' support.

If this build of snort was compiled by you, then re-run the
the ./configure script using the '--with-mysql' switch.
For non-standard installations of a database, the '--with-mysql=DIR'
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting

What do you think the problem is?



> >
>>> > >
>>> > > Selon "Anas.B" <a.bouhsaina at gmail.com>:
>>> > >
>>> > > > *Help me, please!*
>>> > > >
>>> > > > 2010/7/9 Anas.B <a.bouhsaina at gmail.com>
>>> > > >
>>> > > > > Hello,
>>> > > > > Back :)
>>> > > > >
>>> > > > > Compiling Barnyard, I had this error:
>>> > > > >
>>> > > > > --== Initializing Barnyard2 ==--
>>> > > > > Initializing Input Plugins!
>>> > > > > Initializing Output Plugins!
>>> > > > > Parsing config file "/etc/suricata/barnyard2.conf"
>>> > > > > ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No such file or directory)
>>> > > > > ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file or directory
>>> > > > > ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or directory)
>>> > > > > Log directory = /var/log/barnyard2
>>> > > > > database: 'mysql' support is not compiled into this build of snort
>>> > > > >
>>> > > > > ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
>>> > > > > or Windows), then check for alternate builds that contains the necessary
>>> > > > > 'mysql' support.
>>> > > > >
>>> > > > > If this build of snort was compiled by you, then re-run the
>>> > > > > the ./configure script using the '--with-mysql' switch.
>>> > > > > For non-standard installations of a database, the '--with-mysql=DIR'
>>> > > > > syntax may need to be used to specify the base directory of the DB install.
>>> > > > >
>>> > > > > See the database documentation for cursory details (doc/README.database).
>>> > > > > and the URL to the most recent database plugin documentation.
>>> > > > > Fatal Error, Quitting..
>>> > > > >
>>> > > > >
>>> > > > > Remember that in barnyard.conf we have:
>>> > > > > # set the appropriate paths to the file(s) your Snort process is using.
>>> > > > > #
>>> > > > > config reference_file:        /etc/suricata/reference.config
>>> > > > > config classification_file: /etc/suricata/classification.config
>>> > > > > config gen_file:            /etc/snort/gen-msg.map
>>> > > > > config sid_file:            /etc/snort/sid-msg.map
>>> > > > >
>>> > > > > We don't have these files in Suricata! So how should I react!!!??
>>> > > > >
>>> > > > > best regards!
>>> > > > > A..
>>> > > > >
>>> > > > >
>>> > > > >
>>> > > > >
>>> > > > > 2010/7/8 Anas.B <a.bouhsaina at gmail.com>
>>> > > > >
>>> > > > > Ah, I had a doubt about it,
>>> > > > >>
>>> > > > >> Thank you, I will retry and tell you the results :)
>>> > > > >>
>>> > > > >>
>>> > > > >> Cheers.
>>> > > > >>
>>> > > > >> Anas
>>> > > > >>
>>> > > > >> 2010/7/8 Brant Wells <bwells at tfc.edu>
>>> > > > >>
>>> > > > >>> The Barnyard download should have come with an example file in the
>>> > > > >>> download....  Inside of the download's folder, there is a barnyard.conf file
>>> > > > >>> in ./etc  -- I usually copy this to /etc/suricata/barnyard.conf and then
>>> > > > >>> modify as needed.
>>> > > > >>>
>>> > > > >>> See Yas!
>>> > > > >>> ~Brant
>>> > > > >>>
>>> > > > >>>
>>> > > > >>> On Thu, Jul 8, 2010 at 9:57 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>> > > > >>>
>>> > > > >>>> Hi Will,
>>> > > > >>>>
>>> > > > >>>> I've downloaded barnyard-0.2.0, but I didn't find "barnyard2.conf"
>>> > > > >>>>
>>> > > > >>>> In suricata.yaml we already have:
>>> > > > >>>>
>>> > > > >>>>
>>> > > > >>>>   - unified-log:
>>> > > > >>>>       enabled: yes
>>> > > > >>>>       filename: unified.log
>>> > > > >>>>
>>> > > > >>>>       # Limit in MB.
>>> > > > >>>>       #limit: 32
>>> > > > >>>>
>>> > > > >>>>
>>> > > > >>>>   - unified-alert:
>>> > > > >>>>       enabled: yes
>>> > > > >>>>       filename: unified.alert
>>> > > > >>>>
>>> > > > >>>>       # Limit in MB.
>>> > > > >>>>       #limit: 32
>>> > > > >>>>
>>> > > > >>>>   - unified2-alert:
>>> > > > >>>>       enabled: yes
>>> > > > >>>>
>>> > > > >>>>
>>> > > > >>>>       filename: unified2.alert
>>> > > > >>>>
>>> > > > >>>> But how could we link the Suricata log folder and barnyard?
>>> > > > >>>> Help me please.
>>> > > > >>>>
>>> > > > >>>> Regards.
>>> > > > >>>>
>>> > > > >>>> Anas
>>> > > > >>>>
>>> > > > >>>>
>>> > > > >>>> 2010/7/8 Will Metcalf <william.metcalf at gmail.com>
>>> > > > >>>>
>>> > > > >>>>> unified1 logs are disabled by default; have you enabled them in your
>>> > > > >>>>> suricata.yaml file?  Also you need to change the -f snort.log to be -f
>>> > > > >>>>> unified.log. As an FYI you should look at unified2/barnyard2 if you
>>> > > > >>>>> are doing a fresh install.
>>> > > > >>>>>
>>> > > > >>>>>  - unified-log:
>>> > > > >>>>>      enabled: yes
>>> > > > >>>>>      filename: unified.log
>>> > > > >>>>>
>>> > > > >>>>>  - unified-alert:
>>> > > > >>>>>      enabled: yes
>>> > > > >>>>>      filename: unified.alert
>>> > > > >>>>>
>>> > > > >>>>> Regards,
>>> > > > >>>>>
>>> > > > >>>>> Will
>>> > > > >>>>> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>> > > > >>>>> > Hello everyone,
>>> > > > >>>>> >
>>> > > > >>>>> > I've installed mysql, created the database with snort schemas (tables),
>>> > > > >>>>> > also Barnyard,
>>> > > > >>>>> >
>>> > > > >>>>> >
>>> > > > >>>>> > in barnyard.conf :
>>> > > > >>>>> > I've replaced these lines :
>>> > > > >>>>> >
>>> > > > >>>>> > config hostname: debian
>>> > > > >>>>> > config interface: eth0
>>> > > > >>>>> > output log_acid_db: mysql, database snort, server localhost, user root,
>>> > > > >>>>> > password mysnortpassword, detail full
>>> > > > >>>>> >
>>> > > > >>>>> > But to launch Barnyard
>>> > > > >>>>> > I changed the command (snort) from this :
>>> > > > >>>>> >
>>> > > > >>>>> > # /usr/local/bin/barnyard \
>>> > > > >>>>> > -c /etc/snort/barnyard.conf \
>>> > > > >>>>> > -g /etc/snort/gen-msg.map \
>>> > > > >>>>> > -s /etc/snort/sid-msg.map \
>>> > > > >>>>> > -d /var/log/snort \
>>> > > > >>>>> > -f snort.log \
>>> > > > >>>>> > -w /etc/snort/barnyard.waldo &
>>> > > > >>>>> >
>>> > > > >>>>> > to this
>>> > > > >>>>> >
>>> > > > >>>>> > # /usr/local/bin/barnyard  -c /etc/suricata/barnyard.conf -d /var/log/suricata &
>>> > > > >>>>> >
>>> > > > >>>>> > But it doesn't work :s
>>> > > > >>>>> >
>>> > > > >>>>> > Can you help me?
>>> > > > >>>>> >
>>> > > > >>>>> > Regards.
>>> > > > >>>>> > Anas
>>> > > > >>>>> >
>>> > > > >>>>> > _______________________________________________
>>> > > > >>>>> > Oisf-users mailing list
>>> > > > >>>>> > Oisf-users at openinfosecfoundation.org
>>> > > > >>>>> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> > > > >>>>> >
>>> > > > >>>>> >
>>> > > > >>>>>
>>> > > > >>>>
>>> > > > >>>>
>>> > > > >>>>
>>> > > > >>>>
>>> > > > >>>
>>> > > > >>
>>> > > > >
>>> > > >
>>> > >
>>> > >
>>> > >
>>> >
>>>
>>>
>>>
>>
>
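The two failures in this thread (map files that barnyard2.conf points at but that do not exist, and a barnyard2 binary built without the mysql output plugin) both surface only after barnyard2 has started and died. The following pre-flight script is an added example written for this thread, not code from Suricata, barnyard2 or any poster. It assumes the `config <key>: <path>` lines quoted above, a `- unified2-alert:` block in suricata.yaml with `enabled:` and `filename:` keys, and (an assumption, not something the thread states) that a barnyard2 built with `--with-mysql` dynamically links libmysqlclient so `ldd` shows it. It also builds the `-d`/`-f`/`-w` command line so the spool filename handed to barnyard2 matches what Suricata actually writes.

```shell
#!/bin/sh
# Added pre-flight check for a Suricata -> barnyard2 -> MySQL pipeline.
# Example code written for this thread; not part of Suricata or barnyard2.
# Assumptions (not stated in the thread): barnyard2.conf uses "config <key>: <path>"
# lines; suricata.yaml has a "- unified2-alert:" block with "enabled:" and
# "filename:"; a barnyard2 built with --with-mysql links libmysqlclient.

# check_map_files CONF
# Verifies that every map file referenced by barnyard2.conf exists and is
# readable. Prints one MISSING line per absent file; returns 0 only when all
# referenced files are present (the "Unable to open Reference file" error above).
check_map_files() {
    conf="$1"
    missing=0
    for key in reference_file classification_file gen_file sid_file; do
        # Extract the path that follows "config <key>:" (first match wins).
        path=$(sed -n "s/^[[:space:]]*config[[:space:]]*${key}:[[:space:]]*\([^[:space:]]*\).*/\1/p" "$conf" | head -n 1)
        if [ -z "$path" ]; then
            echo "WARN: no 'config ${key}:' line in $conf"
            continue
        fi
        if [ ! -r "$path" ]; then
            echo "MISSING: ${key} -> ${path}"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# unified2_filename YAML
# Prints the "filename:" of the unified2-alert block in suricata.yaml, but only
# if that block has "enabled: yes". barnyard2 must be started with -f <this name>,
# otherwise it waits on spool files that Suricata never writes.
unified2_filename() {
    awk '
        /^[ \t]*-[ \t]*unified2-alert:/ { in_block = 1; next }
        in_block && (/^[ \t]*-[ \t]*[A-Za-z0-9_-]+:/ || /^[^ \t#]/) { in_block = 0 }
        in_block && /^[ \t]*enabled:[ \t]*yes/ { enabled = 1 }
        in_block && /^[ \t]*filename:/ {
            sub(/^[ \t]*filename:[ \t]*/, "")
            sub(/[ \t]*$/, "")
            fname = $0
        }
        END { if (enabled && fname != "") print fname }
    ' "$1"
}

# has_mysql_output BIN
# Assumption: a barnyard2 built with --with-mysql links libmysqlclient, so ldd
# lists it. A "no" here means the "'mysql' support is not compiled into this
# build" error from the thread is to be expected.
has_mysql_output() {
    ldd "$1" 2>/dev/null | grep -q 'libmysqlclient'
}

# barnyard2_cmdline CONF YAML LOGDIR WALDO
# Prints a barnyard2 command line whose -d/-f match Suricata's log directory and
# unified2 filename. Fails if no enabled unified2-alert output was found.
barnyard2_cmdline() {
    conf="$1"; yaml="$2"; logdir="$3"; waldo="$4"
    fname=$(unified2_filename "$yaml")
    if [ -z "$fname" ]; then
        echo "ERROR: no enabled unified2-alert output with a filename in $yaml" >&2
        return 1
    fi
    printf 'barnyard2 -c %s -d %s -f %s -w %s\n' "$conf" "$logdir" "$fname" "$waldo"
}

# Run all checks when invoked with arguments, e.g.:
#   sh preflight.sh /etc/suricata/barnyard2.conf /etc/suricata/suricata.yaml \
#      /var/log/suricata /var/log/suricata/barnyard2.waldo /usr/local/bin/barnyard2
if [ "$#" -ge 4 ]; then
    check_map_files "$1" || echo "fix the paths in $1 before starting barnyard2"
    if [ -n "$5" ]; then
        has_mysql_output "$5" && echo "mysql output plugin: linked" \
            || echo "mysql output plugin: NOT linked (rebuild with ./configure --with-mysql)"
    fi
    barnyard2_cmdline "$1" "$2" "$3" "$4"
fi
```

Run it once after editing barnyard2.conf and suricata.yaml; the MISSING lines tell you which map files still have to be copied from the Snort or Emerging Threats rule tarball, and the printed command line is the one to put in your init script. The mysql check is deliberately separate because it is a property of the binary, not of the configuration: no amount of editing barnyard2.conf will fix it.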