[Oisf-users] Suri-GUI

Anas.B a.bouhsaina at gmail.com
Mon Jul 12 13:15:53 UTC 2010


Yes, I have just repeated the operation.

That's what I did:

root at ubuntu:/usr/local/barnyard2-1.8# make

I had errors like these:
make[2]: Entering directory `/usr/local/barnyard2-1.8/etc'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/usr/local/barnyard2-1.8/etc'
Making all in doc
make[2]: Entering directory `/usr/local/barnyard2-1.8/doc'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/usr/local/barnyard2-1.8/doc'
Making all in rpm
make[2]: Entering directory `/usr/local/barnyard2-1.8/rpm'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/usr/local/barnyard2-1.8/rpm'
Making all in schemas
make[2]: Entering directory `/usr/local/barnyard2-1.8/schemas'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
Making all in m4
make[2]: Entering directory `/usr/local/barnyard2-1.8/m4'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/usr/local/barnyard2-1.8/m4'
make[2]: Entering directory `/usr/local/barnyard2-1.8'
make[2]: Leaving directory `/usr/local/barnyard2-1.8'
make[1]: Leaving directory `/usr/local/barnyard2-1.8'


and # make install

I had errors like these:

Making install in schemas
make[1]: Entering directory `/usr/local/barnyard2-1.8/schemas'
make[2]: Entering directory `/usr/local/barnyard2-1.8/schemas'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
make[1]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
Making install in m4
make[1]: Entering directory `/usr/local/barnyard2-1.8/m4'
make[2]: Entering directory `/usr/local/barnyard2-1.8/m4'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/usr/local/barnyard2-1.8/m4'
make[1]: Leaving directory `/usr/local/barnyard2-1.8/m4'
make[1]: Entering directory `/usr/local/barnyard2-1.8'
make[2]: Entering directory `/usr/local/barnyard2-1.8'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/usr/local/barnyard2-1.8'
make[1]: Leaving directory `/usr/local/barnyard2-1.8'




2010/7/12 Brant Wells <bwells at tfc.edu>

> Did you compile Barnyard2 yourself?
>
> You should make sure to...
>
> ./configure --with-mysql
>
> when you build Barnyard 2...  and make sure that reference.config,
> gen-msg.map and sid-msg.map have all been copied into /etc/suricata!
>
> Let me know what happens!
> ~Brant
>
>
> On Mon, Jul 12, 2010 at 6:11 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>
>> I have just the database's name as "snort".
>>
>> Still this error:
>>
>> --== Initializing Barnyard2 ==--
>> Initializing Input Plugins!
>> Initializing Output Plugins!
>> Parsing config file "/etc/suricata/barnyard2.conf"
>> ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No
>> such file or directory)
>> ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No such
>> file or directory
>> ERROR: Unable to open SID file '/etc/suricata/sid-msg.map' (No such file
>> or directory)
>>
>> Log directory = /var/log/barnyard2
>> database: 'mysql' support is not compiled into this build of snort
>>
>> ERROR: If this build of snort was obtained as a binary distribution (e.g.,
>> rpm,
>> or Windows), then check for alternate builds that contains the necessary
>> 'mysql' support.
>>
>> If this build of snort was compiled by you, then re-run the
>> the ./configure script using the '--with-mysql' switch.
>> For non-standard installations of a database, the '--with-mysql=DIR'
>> syntax may need to be used to specify the base directory of the DB
>> install.
>>
>> See the database documentation for cursory details (doc/README.database).
>> and the URL to the most recent database plugin documentation.
>> Fatal Error, Quitting..
>>
>>
>> We don't have these files in Suricata:
>> '/etc/suricata/reference.config' (No such file or directory)
>> ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No such
>> file or directory
>> ERROR: Unable to open SID file '/etc/suricata/sid-msg.map'
>> !!!
>>
>>
>>
>>>>
>>>> Selon "Anas.B" <a.bouhsaina at gmail.com>:
>>>>
>>>> > Help me, please!
>>>>
>>>> >
>>>> > 2010/7/9 Anas.B <a.bouhsaina at gmail.com>
>>>> >
>>>> > > Hello,
>>>> > > Back :)
>>>> > >
>>>> > > Compiling Barnyard, I had this Error :
>>>> > >
>>>> > > --== Initializing Barnyard2 ==--
>>>> > > Initializing Input Plugins!
>>>> > > Initializing Output Plugins!
>>>> > > Parsing config file "/etc/suricata/barnyard2.conf"
>>>> > > ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No such file or directory)
>>>> > > ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file or directory
>>>> > > ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or directory)
>>>> > > Log directory = /var/log/barnyard2
>>>> > > database: 'mysql' support is not compiled into this build of snort
>>>> > >
>>>> > > ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
>>>> > > or Windows), then check for alternate builds that contains the necessary
>>>> > > 'mysql' support.
>>>> > >
>>>> > > If this build of snort was compiled by you, then re-run the
>>>> > > the ./configure script using the '--with-mysql' switch.
>>>> > > For non-standard installations of a database, the '--with-mysql=DIR'
>>>> > > syntax may need to be used to specify the base directory of the DB install.
>>>> > >
>>>> > > See the database documentation for cursory details (doc/README.database).
>>>> > > and the URL to the most recent database plugin documentation.
>>>> > > Fatal Error, Quitting..
>>>> > >
>>>> > >
>>>> > > Remember that in barnyard.conf we have:
>>>> > > # set the appropriate paths to the file(s) your Snort process is using.
>>>> > > #
>>>> > > config reference_file:        /etc/suricata/reference.config
>>>> > > config classification_file: /etc/suricata/classification.config
>>>> > > config gen_file:            /etc/snort/gen-msg.map
>>>> > > config sid_file:            /etc/snort/sid-msg.map
>>>> > >
>>>> > > We don't have these files in Suricata! So how should I react!!!??
>>>> > >
>>>> > > best regards!
>>>> > > A..
>>>> > >
>>>> > >
>>>> > >
>>>> > >
>>>> > > 2010/7/8 Anas.B <a.bouhsaina at gmail.com>
>>>> > >
>>>> > > Ah, I had a doubt about it,
>>>> > >>
>>>> > >> Thank you, I will retry and tell you the results :)
>>>> > >>
>>>> > >>
>>>> > >> Cheers.
>>>> > >>
>>>> > >> Anas
>>>> > >>
>>>> > >> 2010/7/8 Brant Wells <bwells at tfc.edu>
>>>> > >>
>>>> > >>> The Barnyard download should have come with an example file in the
>>>> > >>> download....  Inside of the download's folder, there is a barnyard.conf
>>>> > >>> file in ./etc  -- I usually copy this to /etc/suricata/barnyard.conf
>>>> > >>> and then modify as needed.
>>>> > >>>
>>>> > >>> See Yas!
>>>> > >>> ~Brant
>>>> > >>>
>>>> > >>>
>>>> > >>> On Thu, Jul 8, 2010 at 9:57 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>>> > >>>
>>>> > >>>> Hi Will,
>>>> > >>>>
>>>> > >>>> I've downloaded barnyard-0.2.0, but I didn't find "barnyard2.conf".
>>>> > >>>>
>>>> > >>>> In suricata.yaml, we already have:
>>>> > >>>>
>>>> > >>>>
>>>> > >>>>   - unified-log:
>>>> > >>>>       enabled: yes
>>>> > >>>>       filename: unified.log
>>>> > >>>>
>>>> > >>>>       # Limit in MB.
>>>> > >>>>       #limit: 32
>>>> > >>>>
>>>> > >>>>
>>>> > >>>>   - unified-alert:
>>>> > >>>>       enabled: yes
>>>> > >>>>       filename: unified.alert
>>>> > >>>>
>>>> > >>>>       # Limit in MB.
>>>> > >>>>       #limit: 32
>>>> > >>>>
>>>> > >>>>   - unified2-alert:
>>>> > >>>>       enabled: yes
>>>> > >>>>
>>>> > >>>>
>>>> > >>>>       filename: unified2.alert
>>>> > >>>>
>>>> > >>>> But how could we link the Suricata log folder and barnyard?
>>>> > >>>> Help me please.
>>>> > >>>>
>>>> > >>>> Regards.
>>>> > >>>>
>>>> > >>>> Anas
>>>> > >>>>
>>>> > >>>>
>>>> > >>>> 2010/7/8 Will Metcalf <william.metcalf at gmail.com>
>>>> > >>>>
>>>> > >>>>> unified1 logs are disabled by default; have you enabled them in your
>>>> > >>>>> suricata.yaml file?  Also you need to change the -f snort.log to be -f
>>>> > >>>>> unified.log. As an FYI, you should look at unified2/barnyard2 if you
>>>> > >>>>> are doing a fresh install.
>>>> > >>>>>
>>>> > >>>>>  - unified-log:
>>>> > >>>>>      enabled: yes
>>>> > >>>>>      filename: unified.log
>>>> > >>>>>
>>>> > >>>>>  - unified-alert:
>>>> > >>>>>      enabled: yes
>>>> > >>>>>      filename: unified.alert
>>>> > >>>>>
>>>> > >>>>> Regards,
>>>> > >>>>>
>>>> > >>>>> Will
>>>> > >>>>> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>>> > >>>>> > Hello everyone,
>>>> > >>>>> >
>>>> > >>>>> > I've installed mysql, created the database with snort schemas
>>>> > >>>>> > (tables), also Barnyard,
>>>> > >>>>> >
>>>> > >>>>> >
>>>> > >>>>> > in barnyard.conf :
>>>> > >>>>> > I've replaced these lines :
>>>> > >>>>> >
>>>> > >>>>> > config hostname: debian
>>>> > >>>>> > config interface: eth0
>>>> > >>>>> > output log_acid_db: mysql, database snort, server localhost, user root,
>>>> > >>>>> > password mysnortpassword, detail full
>>>> > >>>>> >
>>>> > >>>>> > But to launch Barnyard
>>>> > >>>>> > I changed the command (snort) from this :
>>>> > >>>>> >
>>>> > >>>>> > # /usr/local/bin/barnyard \
>>>> > >>>>> > -c /etc/snort/barnyard.conf \
>>>> > >>>>> > -g /etc/snort/gen-msg.map \
>>>> > >>>>> > -s /etc/snort/sid-msg.map \
>>>> > >>>>> > -d /var/log/snort \
>>>> > >>>>> > -f snort.log \
>>>> > >>>>> > -w /etc/snort/barnyard.waldo &
>>>> > >>>>> >
>>>> > >>>>> > to this
>>>> > >>>>> >
>>>> > >>>>> > # /usr/local/bin/barnyard  -c /etc/suricata/barnyard.conf -d
>>>> > >>>>> > /var/log/suricata &
>>>> > >>>>> >
>>>> > >>>>> > But it doesn't work :s
>>>> > >>>>> >
>>>> > >>>>> > Can you help me,
>>>> > >>>>> >
>>>> > >>>>> > Regards.
>>>> > >>>>> > Anas
>>>> > >>>>> >
>>>> > >>>>> > _______________________________________________
>>>> > >>>>> > Oisf-users mailing list
>>>> > >>>>> > Oisf-users at openinfosecfoundation.org
>>>> > >>>>> >
>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>> > >>>>> >
>>>> > >>>>> >
>>>> > >>>>>
>>>> > >>>>
>>>> > >>>>
>>>> > >>>>
>>>> > >>>>
>>>> > >>>
>>>> > >>
>>>> > >
>>>> >
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>>
>
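The "Unable to open Reference/Generator/SID file" errors in this thread come from barnyard2.conf pointing at paths that do not exist on the Suricata box. As an added example (not code from the thread or from barnyard2 itself), this POSIX sh pre-flight check reads the four "config <key>: <path>" lines quoted above and reports every path that is missing before barnyard2 is started; the demo config and the temporary directory it uses are constructed here.

```shell
#!/bin/sh
# Added example (not from the thread or from barnyard2): pre-flight check of the
# file paths a barnyard2.conf names, so the "Unable to open Reference/Generator/
# SID file" errors seen in the thread surface before barnyard2 is started.

# check_barnyard_conf CONF
# Prints every configured map/config file that is not readable and returns the
# number of such files (0 means every path that is set resolves).
check_barnyard_conf() {
    conf="$1"
    missing=0
    for key in reference_file classification_file gen_file sid_file; do
        # Last uncommented "config <key>: <path>" line wins; "#..." lines are skipped
        path=$(sed -n "s/^[[:space:]]*config[[:space:]]*${key}[[:space:]]*:[[:space:]]*\(.*\)$/\1/p" "$conf" | tail -n 1)
        path=$(printf '%s' "$path" | sed 's/[[:space:]]*$//')   # drop trailing blanks
        if [ -z "$path" ]; then
            echo "note: no 'config ${key}:' line in $conf"
            continue
        fi
        if [ ! -r "$path" ]; then
            echo "ERROR: $key -> '$path' (No such file or directory)"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed demo: a config laid out like the one in the thread, in a temporary
# directory where only reference.config and classification.config exist, so the
# two *.map entries are reported and the function returns 2.
demo_check() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/suricata"
    : > "$dir/etc/suricata/reference.config"
    : > "$dir/etc/suricata/classification.config"
    cat > "$dir/barnyard2.conf" <<EOF
# set the appropriate paths to the file(s) your Snort process is using.
config reference_file:        $dir/etc/suricata/reference.config
config classification_file: $dir/etc/suricata/classification.config
config gen_file:            $dir/etc/suricata/gen-msg.map
config sid_file:            $dir/etc/suricata/sid-msg.map
EOF
    check_barnyard_conf "$dir/barnyard2.conf"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_check || echo "missing files: $?"
```

Run it against the real /etc/suricata/barnyard2.conf by calling check_barnyard_conf with that path; a non-zero exit status means barnyard2 would fail the same way the thread shows.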