Snort init errors mysql logging
 

Hello All,

I have just complied Snort 2.9.0.4 under Ubuntu 10.10 x86_64 installed with all Lamp package.
The syntax i used to compile Snort as follows below
*********************************************
~/snort-2.9.0.4# ./configure -with-mysql —prefix=/usr/local/snort —enable-ipv6 —enable-gre \-enable-mpls -enable-targetbased —enable-decoder-preprocessor-rules \-enable-ppm -enable-perfprofiling —enable-zlib —enable-active-response \-enable-normalizer —enable-reload —enable-react —enable-flexresp3
***********************************************
in snort.conf i set log as follow
********************************************************************
output database: log, mysql, user=snort password=password dbname=snort host=localhost sensor_name=gfn-sec-sn1
********************************************************************

now when i run snort " /usr/local/snort/bin/snort -c /etc/snort/snort.conf -i eth2"

I get following error
************************************************************
Log directory = /var/log/snort
database: ‘mysql’ support is not compiled into this build of snort

ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
‘mysql’ support.

If this build of snort was compiled by you, then re-run the
the ./configure script using the ‘—with-mysql’ switch.
For non-standard installations of a database, the ‘—with-mysql=DIR’
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
************************************************************

Since i am not so expert with Linux should i point somewhere for MySQL or i missed something.

Please Advice

Thanks

If you copied your configure statement as you entered it, you are missing a - in the line. It should read --with-mysql.

Yep...I just saw that, too. Good catch there.

In fact, half of his options are using '-' instead of '--'.

Thanks all
i noticed that but i rechecked again and its with double dash "--with " so the issue is not that
any knows how i can determine mysql path with Ubuntu 10.10 64

Thanks

Uhmmm...yeah, the issue IS that.


The reason you can't start Snort with mysql reporting enabled within the config file is because you never built the binary to support mysql. The error message supports this:

Your said:

Trust me...I've been there, AND the compile command you showed earlier shows that you didn't compile the binary correctly.

This is what you used:

This is what it should be:

The others need to also be fixed:

To find out the proper options, use ./configure --help

Moved: This thread is more suitable in the Software forum and has been moved accordingly to help your thread/question get the exposure it deserves.