[Oisf-users] Suri-GUI

Anas.B a.bouhsaina at gmail.com
Mon Jul 12 14:31:00 UTC 2010


Thank you!
There's progress, but still a Fatal Error:

       --== Initializing Barnyard2 ==--
Initializing Input Plugins!
Initializing Output Plugins!
Parsing config file "/etc/suricata/barnyard2.conf"
Log directory = /var/log/barnyard2
database: compiled support for (mysql)
database: configured to use mysql
database: schema version = 107
database:           host = localhost
database:           user = root
database:  database name = snort
database:    sensor name = localhost:eth0
database:      sensor id = 1
database:  data encoding = hex
database:   detail level = full
database:     ignore_bpf = no
database: using the "alert" facility

        --== Initialization Complete ==--

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.8 (Build 251)
 |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
 + '''' +  (C) Copyright 2008-2010 SecurixLive.

           Snort by Martin Roesch & The Snort Team:
http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.

Opened spool file '/var/log/suricata//unified.log.1275900067'
ERROR: Unknown record type read: 2148576734
Fatal Error, Quitting..

This is the command that I used:

# barnyard2 -c /etc/suricata/barnyard2.conf -d /var/log/suricata/ -f unified.log




> Quoting "Anas.B" <a.bouhsaina at gmail.com>:
>
> > Yes, I have just repeated the operation.
> >
> > That's what I did:
> >
> > root at ubuntu:/usr/local/barnyard2-1.8# make
> >
> > I had errors like these:
> > make[2]: Entering directory `/usr/local/barnyard2-1.8/etc'
> > make[2]: Nothing to be done for `all'.
> > make[2]: Leaving directory `/usr/local/barnyard2-1.8/etc'
> > Making all in doc
> > make[2]: Entering directory `/usr/local/barnyard2-1.8/doc'
> > make[2]: Nothing to be done for `all'.
> > make[2]: Leaving directory `/usr/local/barnyard2-1.8/doc'
> > Making all in rpm
> > make[2]: Entering directory `/usr/local/barnyard2-1.8/rpm'
> > make[2]: Nothing to be done for `all'.
> > make[2]: Leaving directory `/usr/local/barnyard2-1.8/rpm'
> > Making all in schemas
> > make[2]: Entering directory `/usr/local/barnyard2-1.8/schemas'
> > make[2]: Nothing to be done for `all'.
> > make[2]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
> > Making all in m4
> > make[2]: Entering directory `/usr/local/barnyard2-1.8/m4'
> > make[2]: Nothing to be done for `all'.
> > make[2]: Leaving directory `/usr/local/barnyard2-1.8/m4'
> > make[2]: Entering directory `/usr/local/barnyard2-1.8'
> > make[2]: Leaving directory `/usr/local/barnyard2-1.8'
> > make[1]: Leaving directory `/usr/local/barnyard2-1.8'
> >
> >
> > and # make install
> >
> > I had errors like these:
> >
> > Making install in schemas
> > make[1]: Entering directory `/usr/local/barnyard2-1.8/schemas'
> > make[2]: Entering directory `/usr/local/barnyard2-1.8/schemas'
> > make[2]: Nothing to be done for `install-exec-am'.
> > make[2]: Nothing to be done for `install-data-am'.
> > make[2]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
> > make[1]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
> > Making install in m4
> > make[1]: Entering directory `/usr/local/barnyard2-1.8/m4'
> > make[2]: Entering directory `/usr/local/barnyard2-1.8/m4'
> > make[2]: Nothing to be done for `install-exec-am'.
> > make[2]: Nothing to be done for `install-data-am'.
> > make[2]: Leaving directory `/usr/local/barnyard2-1.8/m4'
> > make[1]: Leaving directory `/usr/local/barnyard2-1.8/m4'
> > make[1]: Entering directory `/usr/local/barnyard2-1.8'
> > make[2]: Entering directory `/usr/local/barnyard2-1.8'
> > make[2]: Nothing to be done for `install-exec-am'.
> > make[2]: Nothing to be done for `install-data-am'.
> > make[2]: Leaving directory `/usr/local/barnyard2-1.8'
> > make[1]: Leaving directory `/usr/local/barnyard2-1.8'
> >
> >
> >
> >
> > 2010/7/12 Brant Wells <bwells at tfc.edu>
> >
> > > Did you compile Barnyard2 yourself?
> > >
> > > You should make sure to...
> > >
> > > ./configure --with-mysql
> > >
> > > when you build Barnyard 2...  and make sure that reference.config,
> > > gen-msg.map and sid-msg.map have all been copied into /etc/suricata!
> > >
> > > Let me know what happens!
> > > ~Brant
> > >
> > >
> > > On Mon, Jul 12, 2010 at 6:11 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
> > >
> > >> I have just set the database's name as "snort".
> > >>
> > >> Still this error:
> > >>
> > >> --== Initializing Barnyard2 ==--
> > >> Initializing Input Plugins!
> > >> Initializing Output Plugins!
> > >> Parsing config file "/etc/suricata/barnyard2.conf"
> > >> ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No such file or directory)
> > >> ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No such file or directory
> > >> ERROR: Unable to open SID file '/etc/suricata/sid-msg.map' (No such file or directory)
> > >>
> > >> Log directory = /var/log/barnyard2
> > >> database: 'mysql' support is not compiled into this build of snort
> > >>
> > >> ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
> > >> or Windows), then check for alternate builds that contains the necessary
> > >> 'mysql' support.
> > >>
> > >> If this build of snort was compiled by you, then re-run the
> > >> the ./configure script using the '--with-mysql' switch.
> > >> For non-standard installations of a database, the '--with-mysql=DIR'
> > >> syntax may need to be used to specify the base directory of the DB
> > >> install.
> > >>
> > >> See the database documentation for cursory details (doc/README.database).
> > >> and the URL to the most recent database plugin documentation.
> > >> Fatal Error, Quitting..
> > >>
> > >>
> > >> We don't have these files in Suricata:
> > >> '/etc/suricata/reference.config' (No such file or directory)
> > >> ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No such file or directory
> > >> ERROR: Unable to open SID file '/etc/suricata/sid-msg.map'
> > >> !!!
> > >>
> > >>
> > >>
> > >>>>
> > >>>> Quoting "Anas.B" <a.bouhsaina at gmail.com>:
> > >>>>
> > >>>> > Help me, please!
> > >>>>
> > >>>> >
> > >>>> > 2010/7/9 Anas.B <a.bouhsaina at gmail.com>
> > >>>> >
> > >>>> > > Hello,
> > >>>> > > Back :)
> > >>>> > >
> > >>>> > > Compiling Barnyard, I had this error:
> > >>>> > >
> > >>>> > > --== Initializing Barnyard2 ==--
> > >>>> > > Initializing Input Plugins!
> > >>>> > > Initializing Output Plugins!
> > >>>> > > Parsing config file "/etc/suricata/barnyard2.conf"
> > >>>> > > ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No such file or directory)
> > >>>> > > ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file or directory
> > >>>> > > ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or directory)
> > >>>> > > Log directory = /var/log/barnyard2
> > >>>> > > database: 'mysql' support is not compiled into this build of snort
> > >>>> > >
> > >>>> > > ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
> > >>>> > > or Windows), then check for alternate builds that contains the necessary
> > >>>> > > 'mysql' support.
> > >>>> > >
> > >>>> > > If this build of snort was compiled by you, then re-run the
> > >>>> > > the ./configure script using the '--with-mysql' switch.
> > >>>> > > For non-standard installations of a database, the '--with-mysql=DIR'
> > >>>> > > syntax may need to be used to specify the base directory of the DB install.
> > >>>> > >
> > >>>> > > See the database documentation for cursory details (doc/README.database).
> > >>>> > > and the URL to the most recent database plugin documentation.
> > >>>> > > Fatal Error, Quitting..
> > >>>> > >
> > >>>> > >
> > >>>> > > Remember that in barnyard.conf we have:
> > >>>> > > # set the appropriate paths to the file(s) your Snort process is using.
> > >>>> > > #
> > >>>> > > config reference_file:        /etc/suricata/reference.config
> > >>>> > > config classification_file: /etc/suricata/classification.config
> > >>>> > > config gen_file:            /etc/snort/gen-msg.map
> > >>>> > > config sid_file:            /etc/snort/sid-msg.map
> > >>>> > >
> > >>>> > > We don't have these files in Suricata! So how should I react?!
> > >>>> > >
> > >>>> > > best regards!
> > >>>> > > A..
> > >>>> > >
> > >>>> > >
> > >>>> > >
> > >>>> > >
> > >>>> > > 2010/7/8 Anas.B <a.bouhsaina at gmail.com>
> > >>>> > >
> > >>>> > >> Ah, I had a doubt about it.
> > >>>> > >>
> > >>>> > >> Thank you, I will retry and tell you the results :)
> > >>>> > >>
> > >>>> > >>
> > >>>> > >> Cheers.
> > >>>> > >>
> > >>>> > >> Anas
> > >>>> > >>
> > >>>> > >> 2010/7/8 Brant Wells <bwells at tfc.edu>
> > >>>> > >>
> > >>>> > >>> The Barnyard download should have come with an example file in the
> > >>>> > >>> download....  Inside of the download's folder, there is a barnyard.conf file
> > >>>> > >>> in ./etc  -- I usually copy this to /etc/suricata/barnyard.conf and then
> > >>>> > >>> modify as needed.
> > >>>> > >>>
> > >>>> > >>> See Yas!
> > >>>> > >>> ~Brant
> > >>>> > >>>
> > >>>> > >>>
> > >>>> > >>> On Thu, Jul 8, 2010 at 9:57 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
> > >>>> > >>>
> > >>>> > >>>> Hi Will,
> > >>>> > >>>>
> > >>>> > >>>> I've downloaded barnyard-0.2.0, but I didn't find "barnyard2.conf".
> > >>>> > >>>>
> > >>>> > >>>> In suricata.yaml we already have:
> > >>>> > >>>>
> > >>>> > >>>>
> > >>>> > >>>>   - unified-log:
> > >>>> > >>>>       enabled: yes
> > >>>> > >>>>       filename: unified.log
> > >>>> > >>>>
> > >>>> > >>>>       # Limit in MB.
> > >>>> > >>>>       #limit: 32
> > >>>> > >>>>
> > >>>> > >>>>
> > >>>> > >>>>   - unified-alert:
> > >>>> > >>>>       enabled: yes
> > >>>> > >>>>       filename: unified.alert
> > >>>> > >>>>
> > >>>> > >>>>       # Limit in MB.
> > >>>> > >>>>       #limit: 32
> > >>>> > >>>>
> > >>>> > >>>>   - unified2-alert:
> > >>>> > >>>>       enabled: yes
> > >>>> > >>>>
> > >>>> > >>>>
> > >>>> > >>>>       filename: unified2.alert
> > >>>> > >>>>
> > >>>> > >>>> But how could we link the Suricata log folder and Barnyard?
> > >>>> > >>>> Help me, please.
> > >>>> > >>>>
> > >>>> > >>>> Regards.
> > >>>> > >>>>
> > >>>> > >>>> Anas
> > >>>> > >>>>
> > >>>> > >>>>
> > >>>> > >>>> 2010/7/8 Will Metcalf <william.metcalf at gmail.com>
> > >>>> > >>>>
> > >>>> > >>>>> unified1 logs are disabled by default; have you enabled them in your
> > >>>> > >>>>> suricata.yaml file?  Also you need to change the -f snort.log to be -f
> > >>>> > >>>>> unified.log. As an FYI you should look at unified2/barnyard2 if you
> > >>>> > >>>>> are doing a fresh install.
> > >>>> > >>>>>
> > >>>> > >>>>>  - unified-log:
> > >>>> > >>>>>      enabled: yes
> > >>>> > >>>>>      filename: unified.log
> > >>>> > >>>>>
> > >>>> > >>>>>  - unified-alert:
> > >>>> > >>>>>      enabled: yes
> > >>>> > >>>>>      filename: unified.alert
> > >>>> > >>>>>
> > >>>> > >>>>> Regards,
> > >>>> > >>>>>
> > >>>> > >>>>> Will
> > >>>> > >>>>> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
> > >>>> > >>>>> > Hello everyone,
> > >>>> > >>>>> >
> > >>>> > >>>>> > I've installed MySQL, created the database with the Snort schemas (tables),
> > >>>> > >>>>> > and also Barnyard.
> > >>>> > >>>>> >
> > >>>> > >>>>> >
> > >>>> > >>>>> > in barnyard.conf :
> > >>>> > >>>>> > I've replaced these lines :
> > >>>> > >>>>> >
> > >>>> > >>>>> > config hostname: debian
> > >>>> > >>>>> > config interface: eth0
> > >>>> > >>>>> > output log_acid_db: mysql, database snort, server localhost, user root, password mysnortpassword, detail full
> > >>>> > >>>>> >
> > >>>> > >>>>> > But to launch Barnyard
> > >>>> > >>>>> > I changed the command (snort) from this :
> > >>>> > >>>>> >
> > >>>> > >>>>> > # /usr/local/bin/barnyard
> > >>>> > >>>>> > -c /etc/snort/barnyard.conf
> > >>>> > >>>>> > -g /etc/snort/gen-msg.map
> > >>>> > >>>>> > -s /etc/snort/sid-msg.map
> > >>>> > >>>>> > -d /var/log/snort
> > >>>> > >>>>> > -f snort.log
> > >>>> > >>>>> > -w /etc/snort/barnyard.waldo &
> > >>>> > >>>>> >
> > >>>> > >>>>> > to this
> > >>>> > >>>>> >
> > >>>> > >>>>> > # /usr/local/bin/barnyard  -c /etc/suricata/barnyard.conf -d /var/log/suricata &
> > >>>> > >>>>> >
> > >>>> > >>>>> > But it doesn't work :s
> > >>>> > >>>>> >
> > >>>> > >>>>> > Can you help me?
> > >>>> > >>>>> >
> > >>>> > >>>>> > Regards.
> > >>>> > >>>>> > Anas
> > >>>> > >>>>> >
> > >>>> > >>>>> > _______________________________________________
> > >>>> > >>>>> > Oisf-users mailing list
> > >>>> > >>>>> > Oisf-users at openinfosecfoundation.org
> > >>>> > >>>>> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > >>>> > >>>>> >
> > >>>> > >>>>> >
> > >>>> > >>>>>
> > >>>> > >>>>
> > >>>> > >>>>
> > >>>> > >>>
> > >>>> > >>
> > >>>> > >
> > >>>> >
> > >>>>
> > >>>>
> > >>>>
> > >>>
> > >>
> > >>
> > >>
> > >>
> > >
> >
>
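The `ERROR: Unknown record type read: 2148576734` in the message at the top of this thread comes from pointing barnyard2, a unified2 reader, at a unified (v1) spool: 2148576734 is 0x8010ADDE, which is the unified1 LOG_MAGIC 0xDEAD1080 written in native little-endian order and read back as a network-order record type. The script below is an added example, not code from the thread, from Suricata or from barnyard2; it classifies the first bytes of a spool file and decodes such an error value. The magic values are Snort's unified1 constants (spo_unified.h) and unified2 record types (Unified2_common.h); the sample headers are constructed.

```python
import struct

# Snort unified (v1) file magics from Snort's spo_unified.h; the file header is
# written in the sensor's native byte order (little-endian on x86).
UNIFIED1_ALERT_MAGIC = 0xDEAD4137   # unified-alert output
UNIFIED1_LOG_MAGIC = 0xDEAD1080     # unified-log output

# Unified2 record types from Snort's Unified2_common.h. Every unified2 record
# starts with a network-order (big-endian) header: uint32 type, uint32 length.
UNIFIED2_TYPES = {2: "UNIFIED2_PACKET", 7: "UNIFIED2_IDS_EVENT",
                  72: "UNIFIED2_IDS_EVENT_IPV6", 104: "UNIFIED2_IDS_EVENT_VLAN",
                  105: "UNIFIED2_IDS_EVENT_IPV6_VLAN", 110: "UNIFIED2_EXTRA_DATA"}

# Constructed sample spool headers (first 8 bytes of a file), not captured data.
SAMPLE_UNIFIED1_LOG = struct.pack("<IHH", UNIFIED1_LOG_MAGIC, 1, 2)  # magic, major, minor
SAMPLE_UNIFIED2_EVENT = struct.pack("!II", 7, 52)                    # IDS event, 52-byte body


def barnyard2_record_type(header):
    """What a unified2 reader takes as the record type: the first four bytes
    of the spool file read as a network-order uint32."""
    return struct.unpack("!I", header[:4])[0]


def identify_spool(header):
    """Classify the first 8 bytes of a spool file as unified1, unified2 or unknown.
    Returns (format, detail); detail names the magic or record type matched."""
    if len(header) < 8:
        return "unknown", "need at least 8 bytes"
    for fmt, order in (("<I", "little-endian"), (">I", "big-endian")):
        magic = struct.unpack(fmt, header[:4])[0]
        if magic == UNIFIED1_LOG_MAGIC:
            return "unified1", f"LOG_MAGIC, {order} (unified-log output)"
        if magic == UNIFIED1_ALERT_MAGIC:
            return "unified1", f"ALERT_MAGIC, {order} (unified-alert output)"
    rec_type, rec_len = struct.unpack("!II", header[:8])
    if rec_type in UNIFIED2_TYPES:
        return "unified2", f"{UNIFIED2_TYPES[rec_type]} record, {rec_len}-byte body"
    return "unknown", f"record type {rec_type}"


def explain_unknown_record_type(value):
    """Map barnyard2's 'Unknown record type read: N' back to the unified1 magic
    whose native-order bytes read as N in network order; None if it is not one."""
    if not 0 <= value <= 0xFFFFFFFF:
        return None
    swapped = struct.unpack("<I", struct.pack("!I", value))[0]
    names = {UNIFIED1_LOG_MAGIC: "unified1 LOG_MAGIC (unified-log file)",
             UNIFIED1_ALERT_MAGIC: "unified1 ALERT_MAGIC (unified-alert file)"}
    if swapped in names:
        return f"0x{swapped:08X} = {names[swapped]}; barnyard2 expects a unified2 spool"
    return None
```

On a live sensor, feed `identify_spool` the first 8 bytes of the file named by `-d`/`-f` before starting barnyard2; the suricata.yaml quoted in this thread already has a `unified2-alert` output (`filename: unified2.alert`), which is the format barnyard2 reads.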