Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Third Party Tools » Barnyard to MySQL server error

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

Barnyard to MySQL server error


Posted by roastmules on June 03, 2005 08:55:48

I can't seem to get Barnyard to report to a central MySQL server. Snort when ran alone has no issues sending data to the server. Whenever I attempt to launch Barnyard however I receive this error. I have enclosed info from barnyard.conf file. If anyone could please help? Both boxes are dell 1650 with RedHat ES4.

Barnyard Version 0.2.0 (Build 32)
WARNING /etc/snort/barnyard.conf(127) => Unknown output plugin "log_acid_db" referenced, ignoring!Fatal Error, Quitting..
Exiting

# Step 1: configuration declarations
# To keep from having a commandline that uses every letter in the alphabet
# most configuration options are set here

# enable daemon mode
# config daemon

# use localtime instead of UTC (*not* recommended because of timewarps)
#config localtime

# set the hostname (currently only used for the acid db output plugin)
config hostname: localhost

# set the interface name (currently only used for the acid db output plugin)
config interface: eth2

# set the filter (currently only used for the acid db output plugin)
config filter: not port 22

# acid_db
#-------------------------------
# Available as both a log and alert output plugin. Used to output data into
# the db schema used by ACID
# Arguments:
# $db_flavor - what flavor of database (ie, mysql)
# sensor_id $sensor_id - integer sensor id to insert data as
# database $database - name of the database
# server $server - server the database is located on
# user $user - username to connect to the database as
# password $password - password for database authentication
# output alert_acid_db: mysql, sensor_id 1, database snort, server
output log_acid_db: mysql, database snort, server
hostname.domainname.com, user snort, password password, detail
full



Posted by Ludo on July 01, 2005 01:43:39

In order to use log_acid_db output plugin, you have to compile Barnyard with specific options..

I'm not sure but i think it's ./configure --enable-mysql

Good luck!

Posted by chris_wilson on January 02, 2006 12:17:31

I'm having the same problem and I can't for the life of me figure out why. When I compiled Barnyard, I used

./configure \
--enable-mysql=/usr/local/mysql \
--with-mysql-libraries=/usr/local/myqsl/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql && make && make install

I'm using Barynard-0.2.0 on FC4. It compiles and installes fine, and will run if I comment out the db statement.

Posted by nuc on October 13, 2006 17:15:08

so any help on this one??? I'm having exactly the same problem.. :(

Posted by duh on October 20, 2006 08:23:36

if you compiled without the mysql before, you need to doa a make clean before make again. barnyard's script is a little messed up.

Posted by nuc on October 21, 2006 02:07:49

my mistake was that i've included --with-mysql and not --enable-mysql
so it was not compiled with mysql at all..


Thank you for your answer anyway :)
site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.