[Oisf-users] Suri-GUI

Anas.B a.bouhsaina at gmail.com
Mon Jul 12 15:08:45 UTC 2010


You're a genius, that works. Thank you so much :)

Brant, these are my files:

-rw-r--r-- 1 root root   8167 2010-07-12 11:04 barnyard2.conf
-rw-r--r-- 1 root root   3533 2010-06-07 09:15 classification.config
-rwxr-xr-x 1 root root  18217 2010-07-12 12:17 gen-msg.map
-rwxr-xr-x 1 root root    548 2010-07-12 12:17 reference.config
drwxr-xr-x 2 1004 1004   4096 2010-06-16 16:50 rules
-rwxr-xr-x 1 root root 188588 2010-07-12 12:17 sid-msg.map
-rw-r--r-- 1 root root  12413 2010-06-16 10:52 suricata.yaml


See you tomorrow, I'll try to install BASE.

Cheers.
A.


2010/7/12 Brant Wells <bwells at tfc.edu>

> What files are in your /etc/suricata directory?
>
> ~Brant
>
>
> On Mon, Jul 12, 2010 at 9:15 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>
>> Yes, I have just repeated the operation.
>>
>> That's what I did:
>>
>> and
>>
>> root at ubuntu:/usr/local/barnyard2-1.8# make
>> I had errors like these:
>> make[2]: Entering directory `/usr/local/barnyard2-1.8/etc'
>> make[2]: Nothing to be done for `all'.
>> make[2]: Leaving directory `/usr/local/barnyard2-1.8/etc'
>> Making all in doc
>> make[2]: Entering directory `/usr/local/barnyard2-1.8/doc'
>> make[2]: Nothing to be done for `all'.
>> make[2]: Leaving directory `/usr/local/barnyard2-1.8/doc'
>> Making all in rpm
>> make[2]: Entering directory `/usr/local/barnyard2-1.8/rpm'
>> make[2]: Nothing to be done for `all'.
>> make[2]: Leaving directory `/usr/local/barnyard2-1.8/rpm'
>> Making all in schemas
>> make[2]: Entering directory `/usr/local/barnyard2-1.8/schemas'
>> make[2]: Nothing to be done for `all'.
>> make[2]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
>> Making all in m4
>> make[2]: Entering directory `/usr/local/barnyard2-1.8/m4'
>> make[2]: Nothing to be done for `all'.
>> make[2]: Leaving directory `/usr/local/barnyard2-1.8/m4'
>> make[2]: Entering directory `/usr/local/barnyard2-1.8'
>> make[2]: Leaving directory `/usr/local/barnyard2-1.8'
>> make[1]: Leaving directory `/usr/local/barnyard2-1.8'
>>
>>
>> and #make install
>>
>> I had errors like these:
>>
>> Making install in schemas
>> make[1]: Entering directory `/usr/local/barnyard2-1.8/schemas'
>> make[2]: Entering directory `/usr/local/barnyard2-1.8/schemas'
>> make[2]: Nothing to be done for `install-exec-am'.
>> make[2]: Nothing to be done for `install-data-am'.
>> make[2]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
>> make[1]: Leaving directory `/usr/local/barnyard2-1.8/schemas'
>> Making install in m4
>> make[1]: Entering directory `/usr/local/barnyard2-1.8/m4'
>> make[2]: Entering directory `/usr/local/barnyard2-1.8/m4'
>> make[2]: Nothing to be done for `install-exec-am'.
>> make[2]: Nothing to be done for `install-data-am'.
>> make[2]: Leaving directory `/usr/local/barnyard2-1.8/m4'
>> make[1]: Leaving directory `/usr/local/barnyard2-1.8/m4'
>> make[1]: Entering directory `/usr/local/barnyard2-1.8'
>> make[2]: Entering directory `/usr/local/barnyard2-1.8'
>> make[2]: Nothing to be done for `install-exec-am'.
>> make[2]: Nothing to be done for `install-data-am'.
>> make[2]: Leaving directory `/usr/local/barnyard2-1.8'
>> make[1]: Leaving directory `/usr/local/barnyard2-1.8'
>>
>>
>>
>>
>> 2010/7/12 Brant Wells <bwells at tfc.edu>
>>
>> Did you compile Barnyard2 yourself?
>>>
>>> You should make sure to...
>>>
>>> ./configure --with-mysql
>>>
>>> when you build Barnyard 2...  and make sure that reference.config,
>>> gen-msg.map and sid-msg.map have all been copied into /etc/suricata!
>>>
>>> Let me know what happens!
>>> ~Brant
>>>
>>>
>>> On Mon, Jul 12, 2010 at 6:11 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>>
>>>> I have just the database's name as "snort".
>>>>
>>>> Still this error:
>>>>
>>>> --== Initializing Barnyard2 ==--
>>>> Initializing Input Plugins!
>>>> Initializing Output Plugins!
>>>> Parsing config file "/etc/suricata/barnyard2.conf"
>>>> ERROR: Unable to open Reference file '/etc/suricata/reference.config'
>>>> (No such file or directory)
>>>> ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No
>>>> such file or directory
>>>> ERROR: Unable to open SID file '/etc/suricata/sid-msg.map' (No such file
>>>> or directory)
>>>>
>>>> Log directory = /var/log/barnyard2
>>>> database: 'mysql' support is not compiled into this build of snort
>>>>
>>>> ERROR: If this build of snort was obtained as a binary distribution
>>>> (e.g., rpm,
>>>> or Windows), then check for alternate builds that contains the necessary
>>>> 'mysql' support.
>>>>
>>>> If this build of snort was compiled by you, then re-run the
>>>> the ./configure script using the '--with-mysql' switch.
>>>> For non-standard installations of a database, the '--with-mysql=DIR'
>>>> syntax may need to be used to specify the base directory of the DB
>>>> install.
>>>>
>>>> See the database documentation for cursory details
>>>> (doc/README.database).
>>>> and the URL to the most recent database plugin documentation.
>>>> Fatal Error, Quitting..
>>>>
>>>>
>>>> We don't have these files in Suricata:
>>>> '/etc/suricata/reference.config' (No such file or directory)
>>>> ERROR: Unable to open Generator file "/etc/suricata/gen-msg.map": No
>>>> such file or directory
>>>> ERROR: Unable to open SID file '/etc/suricata/sid-msg.map'
>>>> !!!
>>>>
>>>>
>>>>
>>>>>>
>>>>>> "Anas.B" <a.bouhsaina at gmail.com> wrote:
>>>>>>
>>>>>> > Help me, please!
>>>>>>
>>>>>> >
>>>>>> > 2010/7/9 Anas.B <a.bouhsaina at gmail.com>
>>>>>> >
>>>>>> > > Hello,
>>>>>> > > Back :)
>>>>>> > >
>>>>>> > > Compiling Barnyard, I had this error:
>>>>>> > >
>>>>>> > > --== Initializing Barnyard2 ==--
>>>>>> > > Initializing Input Plugins!
>>>>>> > > Initializing Output Plugins!
>>>>>> > > Parsing config file "/etc/suricata/barnyard2.conf"
>>>>>> > > ERROR: Unable to open Reference file '/etc/suricata/reference.config' (No such file or directory)
>>>>>> > > ERROR: Unable to open Generator file "/etc/snort/gen-msg.map": No such file or directory
>>>>>> > > ERROR: Unable to open SID file '/etc/snort/sid-msg.map' (No such file or directory)
>>>>>> > > Log directory = /var/log/barnyard2
>>>>>> > > database: 'mysql' support is not compiled into this build of snort
>>>>>> > >
>>>>>> > > ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
>>>>>> > > or Windows), then check for alternate builds that contains the necessary
>>>>>> > > 'mysql' support.
>>>>>> > >
>>>>>> > > If this build of snort was compiled by you, then re-run the
>>>>>> > > the ./configure script using the '--with-mysql' switch.
>>>>>> > > For non-standard installations of a database, the '--with-mysql=DIR'
>>>>>> > > syntax may need to be used to specify the base directory of the DB install.
>>>>>> > >
>>>>>> > > See the database documentation for cursory details (doc/README.database).
>>>>>> > > and the URL to the most recent database plugin documentation.
>>>>>> > > Fatal Error, Quitting..
>>>>>> > >
>>>>>> > >
>>>>>> > > Remember that in barnyard.conf we have:
>>>>>> > > # set the appropriate paths to the file(s) your Snort process is using.
>>>>>> > > #
>>>>>> > > config reference_file:        /etc/suricata/reference.config
>>>>>> > > config classification_file: /etc/suricata/classification.config
>>>>>> > > config gen_file:            /etc/snort/gen-msg.map
>>>>>> > > config sid_file:            /etc/snort/sid-msg.map
>>>>>> > >
>>>>>> > > We don't have these files in Suricata! So how should I react?
>>>>>> > >
>>>>>> > > best regards!
>>>>>> > > A..
>>>>>> > >
>>>>>> > >
>>>>>> > >
>>>>>> > >
>>>>>> > > 2010/7/8 Anas.B <a.bouhsaina at gmail.com>
>>>>>> > >
>>>>>> > > Ah, I had a doubt about it,
>>>>>> > >>
>>>>>> > >> Thank you, I will retry and tell you the results :)
>>>>>> > >>
>>>>>> > >>
>>>>>> > >> Cheers.
>>>>>> > >>
>>>>>> > >> Anas
>>>>>> > >>
>>>>>> > >> 2010/7/8 Brant Wells <bwells at tfc.edu>
>>>>>> > >>
>>>>>> > >>> The Barnyard download should have come with an example file in the
>>>>>> > >>> download....  Inside of the download's folder, there is a barnyard.conf
>>>>>> > >>> file in ./etc  -- I usually copy this to /etc/suricata/barnyard.conf
>>>>>> > >>> and then modify as needed.
>>>>>> > >>>
>>>>>> > >>> See Yas!
>>>>>> > >>> ~Brant
>>>>>> > >>>
>>>>>> > >>>
>>>>>> > >>> On Thu, Jul 8, 2010 at 9:57 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>>>>> > >>>
>>>>>> > >>>> Hi Will,
>>>>>> > >>>>
>>>>>> > >>>> I've downloaded barnyard-0.2.0, but I didn't find "barnyard2.conf".
>>>>>> > >>>>
>>>>>> > >>>> In suricata.yaml, we already have:
>>>>>> > >>>>
>>>>>> > >>>>
>>>>>> > >>>>   - unified-log:
>>>>>> > >>>>       enabled: yes
>>>>>> > >>>>       filename: unified.log
>>>>>> > >>>>
>>>>>> > >>>>       # Limit in MB.
>>>>>> > >>>>       #limit: 32
>>>>>> > >>>>
>>>>>> > >>>>
>>>>>> > >>>>   - unified-alert:
>>>>>> > >>>>       enabled: yes
>>>>>> > >>>>       filename: unified.alert
>>>>>> > >>>>
>>>>>> > >>>>       # Limit in MB.
>>>>>> > >>>>       #limit: 32
>>>>>> > >>>>
>>>>>> > >>>>   - unified2-alert:
>>>>>> > >>>>       enabled: yes
>>>>>> > >>>>
>>>>>> > >>>>
>>>>>> > >>>>       filename: unified2.alert
>>>>>> > >>>>
>>>>>> > >>>> But how could we link the Suricata log folder and barnyard?
>>>>>> > >>>> Help me please.
>>>>>> > >>>>
>>>>>> > >>>> Regards.
>>>>>> > >>>>
>>>>>> > >>>> Anas
>>>>>> > >>>>
>>>>>> > >>>>
>>>>>> > >>>> 2010/7/8 Will Metcalf <william.metcalf at gmail.com>
>>>>>> > >>>>
>>>>>> > >>>>> unified1 logs are disabled by default; have you enabled them in your
>>>>>> > >>>>> suricata.yaml file?  Also you need to change the -f snort.log to be -f
>>>>>> > >>>>> unified.log. As an FYI, you should look at unified2/barnyard2 if you
>>>>>> > >>>>> are doing a fresh install.
>>>>>> > >>>>>
>>>>>> > >>>>>  - unified-log:
>>>>>> > >>>>>      enabled: yes
>>>>>> > >>>>>      filename: unified.log
>>>>>> > >>>>>
>>>>>> > >>>>>  - unified-alert:
>>>>>> > >>>>>      enabled: yes
>>>>>> > >>>>>      filename: unified.alert
>>>>>> > >>>>>
>>>>>> > >>>>> Regards,
>>>>>> > >>>>>
>>>>>> > >>>>> Will
>>>>>> > >>>>> On Thu, Jul 8, 2010 at 6:36 AM, Anas.B <a.bouhsaina at gmail.com> wrote:
>>>>>> > >>>>> > Hello everyone,
>>>>>> > >>>>> >
>>>>>> > >>>>> > I've installed mysql, created the database with snort schemas (tables),
>>>>>> > >>>>> > and also Barnyard,
>>>>>> > >>>>> >
>>>>>> > >>>>> >
>>>>>> > >>>>> > in barnyard.conf :
>>>>>> > >>>>> > I've replaced these lines :
>>>>>> > >>>>> >
>>>>>> > >>>>> > config hostname: debian
>>>>>> > >>>>> > config interface: eth0
>>>>>> > >>>>> > output log_acid_db: mysql, database snort, server localhost, user root, password mysnortpassword, detail full
>>>>>> > >>>>> >
>>>>>> > >>>>> > But to launch Barnyard
>>>>>> > >>>>> > I changed the command (snort) from this :
>>>>>> > >>>>> >
>>>>>> > >>>>> > # /usr/local/bin/barnyard \
>>>>>> > >>>>> > -c /etc/snort/barnyard.conf \
>>>>>> > >>>>> > -g /etc/snort/gen-msg.map \
>>>>>> > >>>>> > -s /etc/snort/sid-msg.map \
>>>>>> > >>>>> > -d /var/log/snort \
>>>>>> > >>>>> > -f snort.log \
>>>>>> > >>>>> > -w /etc/snort/barnyard.waldo &
>>>>>> > >>>>> >
>>>>>> > >>>>> > to this
>>>>>> > >>>>> >
>>>>>> > >>>>> > # /usr/local/bin/barnyard  -c /etc/suricata/barnyard.conf -d /var/log/suricata &
>>>>>> > >>>>> >
>>>>>> > >>>>> > But it doesn't work :s
>>>>>> > >>>>> >
>>>>>> > >>>>> > Can you help me,
>>>>>> > >>>>> >
>>>>>> > >>>>> > Regards.
>>>>>> > >>>>> > Anas
>>>>>> > >>>>> >
>>>>>> > >>>>> > _______________________________________________
>>>>>> > >>>>> > Oisf-users mailing list
>>>>>> > >>>>> > Oisf-users at openinfosecfoundation.org
>>>>>> > >>>>> >
>>>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>>>> > >>>>> >
>>>>>> > >>>>> >
>>>>>> > >>>>>
>>>>>> > >>>>
>>>>>> > >>>>
>>>>>> > >>>>
>>>>>> > >>>>
>>>>>> > >>>
>>>>>> > >>
>>>>>> > >
>>>>>> >
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
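As an added example (not code from the thread or from the Barnyard2 project): a small preflight that reads the "config <key>_file:" lines from a barnyard2.conf and reports which of the referenced files are missing, which is exactly the condition behind the "Unable to open Reference/Generator/SID file" errors above. Function names are my own, and the demo runs against a constructed sandbox conf that reproduces the /etc/snort vs /etc/suricata mix-up quoted earlier.

```sh
#!/bin/sh
# Preflight for barnyard2: confirm that every file referenced by a
# "config <key>_file:" line in barnyard2.conf exists and is readable, so
# barnyard2 does not die at startup. Added example; function names are mine.

# Print the path configured for one key (reference_file, gen_file, ...),
# ignoring commented-out lines and taking the first match.
by2_conf_path() {
    conf="$1"; key="$2"
    grep -v '^[[:space:]]*#' "$conf" |
        sed -n "s/^[[:space:]]*config[[:space:]]*${key}:[[:space:]]*//p" |
        head -n 1 | tr -d '[:space:]'
}

# Report each key whose file is unset or unreadable, one line per key.
# Returns 0 only when all four files are present.
by2_missing_files() {
    conf="$1"; missing=0
    for key in reference_file classification_file gen_file sid_file; do
        path=$(by2_conf_path "$conf" "$key")
        if [ -z "$path" ]; then
            echo "$key: not set in $conf"; missing=$((missing + 1))
        elif [ ! -r "$path" ]; then
            echo "$key: $path is missing or unreadable"; missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Demo in a constructed sandbox that mirrors the thread's mix-up: the maps
# live under etc/suricata but gen_file and sid_file still point at etc/snort.
by2_demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/suricata" "$tmp/etc/snort"
    for f in reference.config classification.config gen-msg.map sid-msg.map; do
        : > "$tmp/etc/suricata/$f"
    done
    cat > "$tmp/barnyard2.conf" <<EOF
# set the appropriate paths to the file(s) your Snort process is using.
config reference_file:      $tmp/etc/suricata/reference.config
config classification_file: $tmp/etc/suricata/classification.config
config gen_file:            $tmp/etc/snort/gen-msg.map
config sid_file:            $tmp/etc/snort/sid-msg.map
EOF
    by2_missing_files "$tmp/barnyard2.conf"; rc=$?
    rm -rf "$tmp"
    return $rc
}

if by2_demo; then echo "preflight OK"; else echo "fix barnyard2.conf first"; fi
```

Run it against the real /etc/suricata/barnyard2.conf with by2_missing_files before starting barnyard2; the two reported keys in the demo are gen_file and sid_file.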