LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-23-2011, 11:28 AM   #1
tbaror
Member
 
Registered: Apr 2006
Posts: 37

Rep: Reputation: 0
Question Snort init errors mysql logging


Hello All,

I have just complied Snort 2.9.0.4 under Ubuntu 10.10 x86_64 installed with all Lamp package.
The syntax i used to compile Snort as follows below
*********************************************
~/snort-2.9.0.4# ./configure -with-mysql —prefix=/usr/local/snort —enable-ipv6 —enable-gre \-enable-mpls -enable-targetbased —enable-decoder-preprocessor-rules \-enable-ppm -enable-perfprofiling —enable-zlib —enable-active-response \-enable-normalizer —enable-reload —enable-react —enable-flexresp3
***********************************************
in snort.conf i set log as follow
********************************************************************
output database: log, mysql, user=snort password=password dbname=snort host=localhost sensor_name=gfn-sec-sn1
********************************************************************

now when i run snort " /usr/local/snort/bin/snort -c /etc/snort/snort.conf -i eth2"

I get following error
************************************************************
Log directory = /var/log/snort
database: ‘mysql’ support is not compiled into this build of snort

ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm,
or Windows), then check for alternate builds that contains the necessary
‘mysql’ support.

If this build of snort was compiled by you, then re-run the
the ./configure script using the ‘—with-mysql’ switch.
For non-standard installations of a database, the ‘—with-mysql=DIR’
syntax may need to be used to specify the base directory of the DB install.

See the database documentation for cursory details (doc/README.database).
and the URL to the most recent database plugin documentation.
Fatal Error, Quitting..
************************************************************

Since i am not so expert with Linux should i point somewhere for MySQL or i missed something.

Please Advice

Thanks
 
Old 02-23-2011, 11:34 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781
Quote:
./configure -with-mysql
If you copied your configure statement as you entered it, you are missing a - in the line. It should read --with-mysql.
 
Old 02-23-2011, 12:12 PM   #3
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158Reputation: 158
Quote:
Originally Posted by Noway2 View Post
If you copied your configure statement as you entered it, you are missing a - in the line. It should read --with-mysql.
Yep...I just saw that, too. Good catch there.

In fact, half of his options are using '-' instead of '--'.

Last edited by unixfool; 02-23-2011 at 12:13 PM.
 
Old 02-23-2011, 01:05 PM   #4
tbaror
Member
 
Registered: Apr 2006
Posts: 37

Original Poster
Rep: Reputation: 0
Thanks all
i noticed that but i rechecked again and its with double dash "--with " so the issue is not that
any knows how i can determine mysql path with Ubuntu 10.10 64

Thanks
 
Old 02-23-2011, 01:26 PM   #5
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158Reputation: 158
Quote:
Originally Posted by tbaror View Post
Thanks all
i noticed that but i rechecked again and its with double dash "--with " so the issue is not that
any knows how i can determine mysql path with Ubuntu 10.10 64

Thanks
Uhmmm...yeah, the issue IS that.


The reason you can't start Snort with mysql reporting enabled within the config file is because you never built the binary to support mysql. The error message supports this:

Your said:

Quote:
I get following error
************************************************************
Log directory = /var/log/snort
database: ‘mysql’ support is not compiled into this build of snort
Trust me...I've been there, AND the compile command you showed earlier shows that you didn't compile the binary correctly.

This is what you used:

Quote:
./configure -with-mysql —prefix=/usr/local/snort —enable-ipv6 —enable-gre \-enable-mpls -enable-targetbased —enable-decoder-preprocessor-rules \-enable-ppm -enable-perfprofiling —enable-zlib —enable-active-response \-enable-normalizer —enable-reload —enable-react —enable-flexresp3
This is what it should be:

Quote:
./configure --with-mysql
The others need to also be fixed:

Quote:
--prefix=/usr/local/snort --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
To find out the proper options, use ./configure --help

Last edited by unixfool; 02-23-2011 at 01:35 PM.
 
1 members found this post helpful.
Old 02-23-2011, 03:59 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Moved: This thread is more suitable in the Software forum and has been moved accordingly to help your thread/question get the exposure it deserves.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
FC8 snort-2.8.1 mysql not logging flashl Linux - Software 1 08-13-2008 11:53 PM
Problem Logging SNORT Data to Mysql Database ALInux Linux - Software 4 03-18-2008 12:16 PM
strange errors received while logging in init 3 dsids Linux - General 2 02-28-2007 06:21 AM
Snort not logging Dogit Linux - Security 11 03-06-2005 03:22 PM
Snort and Logging to Mysql. FragInHell Linux - Security 3 09-18-2004 05:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:11 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration