This guide explains everything you need to do to build Barnyard2 from source. It’s written for Ubuntu 12.04. Barnyard2 reads the unified2 logs produced by SNORT® and sends them to MySQL. Note that I’m using a dedicated build machine to compile the source, as I don’t want to install development files and compilers on the machine that is running Snort®. In my previous post, I explained how to install Snort® and how to keep the rules up to date.
Install required tools
A default install of Ubuntu doesn’t include the tools that you need to start creating your own packages. This installs the essentials to get you started.
# apt-get install build-essential libtool autoconf git
And also install the dependencies.
# apt-get install libpcap-dev libmysqld-dev libprelude-dev
Download source
Since I want to have the most recent version available, I’m using git to pull the latest snapshot.
$ git clone https://github.com/firnsy/barnyard2.git
Creating Makefiles
The next steps will create the makefiles that are necessary before you can start building Barnyard2 from source.
$ cd barnyard2
$ ./autogen.sh
$ ./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu --enable-ipv6 --enable-prelude --prefix=$HOME/barnyard2-install
Note that I’m compiling for a 64-bit system. For 32-bit installs, replace “x86_64” with “i386”. Look at the output of the ‘configure’ command to make sure it didn’t stop with an error. Possible reasons for an error are missing build tools or development libraries. As the options show, I want support for IPv6 and output to Prelude and MySQL.
Building Barnyard2 from source
The next step will start the actual build process.
$ make
$ mkdir $HOME/barnyard2-install
$ make install
$ find $HOME/barnyard2-install
/home/thomas/barnyard2-install
/home/thomas/barnyard2-install/bin
/home/thomas/barnyard2-install/bin/barnyard2
/home/thomas/barnyard2-install/etc
/home/thomas/barnyard2-install/etc/barnyard2.conf
In my next post, I’ll explain how to install, configure and run barnyard2 on the IDS sensor.
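Because the binaries are built on one machine and copied to the sensor, it helps to record which commit was built and a SHA-256 manifest of the install tree, so the sensor can check what it received. The script below is an added example, not part of the original post; the function names and the MANIFEST.sha256 file name are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: record what was built on the build machine and verify it on
# the sensor. Function names and MANIFEST.sha256 are assumptions of this example.

# write_manifest <install-dir> <source-dir>
# Writes <install-dir>/MANIFEST.sha256: a comment line with the git commit of
# the source tree, then one sha256sum line per file (paths relative to
# <install-dir>).
write_manifest() {
    local install_dir="$1" src_dir="$2" commit
    commit=$(cd "$src_dir" 2>/dev/null && git rev-parse HEAD 2>/dev/null) || commit=unknown
    (
        cd "$install_dir" || exit 1
        {
            printf '# barnyard2 source commit: %s\n' "$commit"
            find . -type f ! -name MANIFEST.sha256 -print0 \
                | sort -z | xargs -0 -r sha256sum
        } > MANIFEST.sha256
    )
}

# verify_manifest <install-dir>
# Succeeds only if every listed file hashes correctly AND the tree contains no
# file that the manifest does not list (sha256sum -c alone misses additions).
verify_manifest() {
    local install_dir="$1"
    (
        cd "$install_dir" || exit 1
        [ -f MANIFEST.sha256 ] || { echo "MANIFEST.sha256 not found" >&2; exit 1; }

        # 1. Listed files must exist and match their recorded hash.
        grep -v '^#' MANIFEST.sha256 | sha256sum --quiet -c - || exit 1

        # 2. The set of files on disk must equal the set of listed files.
        listed=$(grep -v '^#' MANIFEST.sha256 | sed 's/^[0-9a-f]\{64\} [ *]//' | sort)
        present=$(find . -type f ! -name MANIFEST.sha256 | sort)
        if [ "$listed" != "$present" ]; then
            echo "install tree and manifest list different files" >&2
            exit 1
        fi
    )
}

# Usage:
#   build machine:  script write  $HOME/barnyard2-install  $HOME/barnyard2
#   sensor:         script verify /path/to/unpacked/barnyard2-install
case "${1:-}" in
    write)  write_manifest "$2" "$3" ;;
    verify) verify_manifest "$2" ;;
esac
```

The manifest only detects tampering if it is signed or reaches the sensor by a separate trusted path from the binaries it describes.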
This page is part of a series about a complete installation and configuration of Snort.

Snort is a registered trademark of Sourcefire, Inc.
During the make command, we get an error.
The fix for that error is to put CFLAGS='-lpthread' before ./configure
I can confirm with Gojko that CFLAGS='-lpthread' is needed before ./configure. Otherwise you get a strange error message when building.
Hi, I had the same issue with lpthread on Ubuntu 14. To fix it, after reviewing the configure file and Makefile, I just found out that you can add the argument CFLAGS while running ./configure
After that I was able to compile. Not sure if it is correct, but that fixed my issue on Ubuntu x64 14.
The argument should be passed this way:
sudo ./configure CFLAGS="-lpthread -g" --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu --enable-ipv6 --enable-prelude --prefix=$HOME/barnyard2-install
If you add -g the script will detect it and add it.
Hello, when I run the make command I get the following error:
make[1]: se ingresa al directorio «/home/usuario/Descargas/barnyard2-master»
Making all in src
make[2]: se ingresa al directorio «/home/usuario/Descargas/barnyard2-master/src»
Making all in sfutil
make[3]: se ingresa al directorio «/home/usuario/Descargas/barnyard2-master/src/sfutil»
make[3]: No se hace nada para «all».
make[3]: se sale del directorio «/home/usuario/Descargas/barnyard2-master/src/sfutil»
How can I fix this error?
Ubuntu 14.04 64-bit failed to build; make gives an error:
root@c1:/tmp# cd /tmp
root@c1:/tmp# git clone git://github.com/firnsy/barnyard2.git
Cloning into ‘barnyard2’…
remote: Reusing existing pack: 1071, done.
remote: Total 1071 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (1071/1071), 1.02 MiB | 256.00 KiB/s, done.
Resolving deltas: 100% (690/690), done.
Checking connectivity… done.
root@c1:/tmp#
root@c1:/tmp# cd barnyard2
root@c1:/tmp/barnyard2# /autogen.sh
bash: /autogen.sh: No such file or directory
root@c1:/tmp/barnyard2# ./autogen.sh
Found libtoolize
libtoolize: putting auxiliary files in `.’.
libtoolize: copying file `./ltmain.sh’
libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4′.
libtoolize: copying file `m4/libtool.m4′
libtoolize: copying file `m4/ltoptions.m4′
libtoolize: copying file `m4/ltsugar.m4′
libtoolize: copying file `m4/ltversion.m4′
libtoolize: copying file `m4/lt~obsolete.m4′
autoreconf: Entering directory `.’
autoreconf: configure.in: not using Gettext
autoreconf: running: aclocal –force -I m4
aclocal: warning: autoconf input should be named ‘configure.ac’, not ‘configure.in’
autoreconf: configure.in: tracing
autoreconf: running: libtoolize –copy –force
libtoolize: putting auxiliary files in `.’.
libtoolize: copying file `./ltmain.sh’
libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4′.
libtoolize: copying file `m4/libtool.m4′
libtoolize: copying file `m4/ltoptions.m4′
libtoolize: copying file `m4/ltsugar.m4′
libtoolize: copying file `m4/ltversion.m4′
libtoolize: copying file `m4/lt~obsolete.m4′
aclocal: warning: autoconf input should be named ‘configure.ac’, not ‘configure.in’
autoreconf: running: /usr/bin/autoconf –force
autoreconf: running: /usr/bin/autoheader –force
autoreconf: running: automake –add-missing –copy –force-missing
automake: warning: autoconf input should be named ‘configure.ac’, not ‘configure.in’
configure.in:7: warning: AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated. For more info, see:
configure.in:7: http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation
configure.in:10: installing ‘./compile’
configure.in:10: installing ‘./config.guess’
configure.in:10: installing ‘./config.sub’
configure.in:7: installing ‘./install-sh’
configure.in:7: installing ‘./missing’
Makefile.am:8: warning: ‘INCLUDES’ is the old name for ‘AM_CPPFLAGS’ (or ‘*_CPPFLAGS’)
configure.in:1119: warning: ‘INCLUDES’ is the old name for ‘AM_CPPFLAGS’ (or ‘*_CPPFLAGS’)
configure.in:1119: warning: ‘INCLUDES’ is the old name for ‘AM_CPPFLAGS’ (or ‘*_CPPFLAGS’)
configure.in:1119: warning: ‘INCLUDES’ is the old name for ‘AM_CPPFLAGS’ (or ‘*_CPPFLAGS’)
configure.in:1119: warning: ‘INCLUDES’ is the old name for ‘AM_CPPFLAGS’ (or ‘*_CPPFLAGS’)
configure.in:1119: warning: ‘INCLUDES’ is the old name for ‘AM_CPPFLAGS’ (or ‘*_CPPFLAGS’)
src/Makefile.am:37: warning: ‘INCLUDES’ is the old name for ‘AM_CPPFLAGS’ (or ‘*_CPPFLAGS’)
automake: warning: autoconf input should be named ‘configure.ac’, not ‘configure.in’
src/input-plugins/Makefile.am:8: warning: ‘INCLUDES’ is the old name for ‘AM_CPPFLAGS’ (or ‘*_CPPFLAGS’)
src/output-plugins/Makefile.am:28: warning: ‘INCLUDES’ is the old name for ‘AM_CPPFLAGS’ (or ‘*_CPPFLAGS’)
src/sfutil/Makefile.am:18: warning: ‘INCLUDES’ is the old name for ‘AM_CPPFLAGS’ (or ‘*_CPPFLAGS’)
autoreconf: Leaving directory `.’
You can now run “./configure” and then “make”.
root@c1:/tmp/barnyard2# ./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu --enable-ipv6 --enable-prelude --prefix=$HOME/barnyard2-install
checking for a BSD-compatible install… /usr/bin/install -c
checking whether build environment is sane… yes
checking for a thread-safe mkdir -p… /bin/mkdir -p
checking for gawk… no
checking for mawk… mawk
checking whether make sets $(MAKE)… yes
checking whether make supports nested variables… yes
checking build system type… x86_64-unknown-linux-gnu
checking host system type… x86_64-unknown-linux-gnu
checking how to print strings… printf
checking for style of include used by make… GNU
checking for gcc… gcc
checking whether the C compiler works… yes
checking for C compiler default output file name… a.out
checking for suffix of executables…
checking whether we are cross compiling… no
checking for suffix of object files… o
checking whether we are using the GNU C compiler… yes
checking whether gcc accepts -g… yes
checking for gcc option to accept ISO C89… none needed
checking whether gcc understands -c and -o together… yes
checking dependency style of gcc… none
checking for a sed that does not truncate output… /bin/sed
checking for grep that handles long lines and -e… /bin/grep
checking for egrep… /bin/grep -E
checking for fgrep… /bin/grep -F
checking for ld used by gcc… /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld… yes
checking for BSD- or MS-compatible name lister (nm)… /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface… BSD nm
checking whether ln -s works… yes
checking the maximum length of command line arguments… 1572864
checking whether the shell understands some XSI constructs… yes
checking whether the shell understands “+=”… yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format… func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format… func_convert_file_noop
checking for /usr/bin/ld option to reload object files… -r
checking for objdump… objdump
checking how to recognize dependent libraries… pass_all
checking for dlltool… no
checking how to associate runtime and link libraries… printf %s\n
checking for ar… ar
checking for archiver @FILE support… @
checking for strip… strip
checking for ranlib… ranlib
checking command to parse /usr/bin/nm -B output from gcc object… ok
checking for sysroot… no
checking for mt… mt
checking if mt is a manifest tool… no
checking how to run the C preprocessor… gcc -E
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking for dlfcn.h… yes
checking for objdir… .libs
checking if gcc supports -fno-rtti -fno-exceptions… no
checking for gcc option to produce PIC… -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works… yes
checking if gcc static flag -static works… yes
checking if gcc supports -c -o file.o… yes
checking if gcc supports -c -o file.o… (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
checking whether -lc should be explicitly linked in… no
checking dynamic linker characteristics… GNU/Linux ld.so
checking how to hardcode library paths into programs… immediate
checking whether stripping libraries is possible… yes
checking if libtool supports shared libraries… yes
checking whether to build shared libraries… yes
checking whether to build static libraries… yes
checking whether to enable maintainer-specific portions of Makefiles… no
checking for gcc option to accept ISO C99… -std=gnu99
checking for gcc -std=gnu99 option to accept ISO Standard C… (cached) -std=gnu99
checking for gcc… (cached) gcc
checking whether we are using the GNU C compiler… (cached) yes
checking whether gcc accepts -g… (cached) yes
checking for gcc option to accept ISO C89… (cached) none needed
checking whether gcc understands -c and -o together… (cached) yes
checking dependency style of gcc… (cached) none
checking whether byte ordering is bigendian… no
checking for bison… bison
checking for flex… flex
checking for strings.h… (cached) yes
checking for string.h… (cached) yes
checking for stdlib.h… (cached) yes
checking for unistd.h… (cached) yes
checking sys/sockio.h usability… no
checking sys/sockio.h presence… no
checking for sys/sockio.h… no
checking paths.h usability… yes
checking paths.h presence… yes
checking for paths.h… yes
checking for inttypes.h… (cached) yes
checking wchar.h usability… yes
checking wchar.h presence… yes
checking for wchar.h… yes
checking math.h usability… yes
checking math.h presence… yes
checking for math.h… yes
checking for floor in -lm… yes
checking for ceil in -lm… yes
checking for inet_ntoa in -lnsl… yes
checking for socket in -lsocket… no
checking whether printf must be declared… no
checking whether fprintf must be declared… no
checking whether syslog must be declared… no
checking whether puts must be declared… no
checking whether fputs must be declared… no
checking whether fputc must be declared… no
checking whether fopen must be declared… no
checking whether fclose must be declared… no
checking whether fwrite must be declared… no
checking whether fflush must be declared… no
checking whether getopt must be declared… no
checking whether bzero must be declared… no
checking whether bcopy must be declared… no
checking whether memset must be declared… no
checking whether strtol must be declared… no
checking whether strcasecmp must be declared… no
checking whether strncasecmp must be declared… no
checking whether strerror must be declared… no
checking whether perror must be declared… no
checking whether socket must be declared… no
checking whether sendto must be declared… no
checking whether vsnprintf must be declared… no
checking whether snprintf must be declared… no
checking whether strtoul must be declared… no
checking for snprintf… yes
checking for strlcpy… no
checking for strlcat… no
checking for strerror… yes
checking for vswprintf… yes
checking for wprintf… yes
checking size of char… 1
checking size of short… 2
checking size of int… 4
checking size of long int… 8
checking size of long long int… 8
checking size of unsigned int… 4
checking size of unsigned long int… 8
checking size of unsigned long long int… 8
checking for u_int8_t… yes
checking for u_int16_t… yes
checking for u_int32_t… yes
checking for u_int64_t… yes
checking for uint8_t… yes
checking for uint16_t… yes
checking for uint32_t… yes
checking for uint64_t… yes
checking for int8_t… yes
checking for int16_t… yes
checking for int32_t… yes
checking for int64_t… yes
checking for INADDR_NONE… yes
checking for __FUNCTION__… yes
checking pcap.h usability… yes
checking pcap.h presence… yes
checking for pcap.h… yes
checking for pcap_datalink in -lpcap… yes
checking for sparc… no
checking for libprelude-config… /usr/bin/libprelude-config
checking for libprelude – version >= 0.9.6… yes
checking for mysql… yes
checking for compress in -lz… yes
checking for mysql default client reconnect… no
checking for mysql reconnect option… yes
checking for mysql setting of reconnect option before connect bug… no
checking for linuxthreads… no
checking that generated files are newer than configure… done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/sfutil/Makefile
config.status: creating src/input-plugins/Makefile
config.status: creating src/output-plugins/Makefile
config.status: creating etc/Makefile
config.status: creating doc/Makefile
config.status: creating rpm/Makefile
config.status: creating schemas/Makefile
config.status: creating m4/Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands
root@c1:/tmp/barnyard2# make
make all-recursive
make[1]: Entering directory `/tmp/barnyard2′
Making all in src
make[2]: Entering directory `/tmp/barnyard2/src’
Making all in sfutil
make[3]: Entering directory `/tmp/barnyard2/src/sfutil’
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o getopt_long.o getopt_long.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o sfmemcap.o sfmemcap.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o sfprimetable.o sfprimetable.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o sfxhash.o sfxhash.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o sf_ip.o sf_ip.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o sf_iph.o sf_iph.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o sf_ipvar.o sf_ipvar.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o sf_textlog.o sf_textlog.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o sf_vartable.o sf_vartable.c
rm -f libsfutil.a
ar cru libsfutil.a getopt_long.o sfmemcap.o sfprimetable.o sfxhash.o sf_ip.o sf_iph.o sf_ipvar.o sf_textlog.o sf_vartable.o
ranlib libsfutil.a
make[3]: Leaving directory `/tmp/barnyard2/src/sfutil’
Making all in output-plugins
make[3]: Entering directory `/tmp/barnyard2/src/output-plugins’
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_arubaaction.o spo_alert_arubaaction.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_bro.o spo_alert_bro.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_cef.o spo_alert_cef.c
spo_alert_cef.c: In function ‘AlertCEF’:
spo_alert_cef.c:500:15: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable]
ClassType *cn;
^
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_csv.o spo_alert_csv.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_fast.o spo_alert_fast.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_full.o spo_alert_full.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_fwsam.o spo_alert_fwsam.c
spo_alert_fwsam.c: In function ‘AlertFWsam’:
spo_alert_fwsam.c:979:18: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable]
ClassType *cn = NULL;
^
spo_alert_fwsam.c:978:18: warning: variable ‘sn’ set but not used [-Wunused-but-set-variable]
SigNode *sn = NULL;
^
spo_alert_fwsam.c:971:27: warning: variable ‘lastbsp’ set but not used [-Wunused-but-set-variable]
static unsigned short lastbsp[FWSAM_REPET_BLOCKS];
^
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_prelude.o spo_alert_prelude.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_syslog.o spo_alert_syslog.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_test.o spo_alert_test.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_alert_unixsock.o spo_alert_unixsock.c
spo_alert_unixsock.c: In function ‘AlertUnixSockCleanExit’:
spo_alert_unixsock.c:385:2: warning: implicit declaration of function ‘free’ [-Wimplicit-function-declaration]
free(data->filename);
^
spo_alert_unixsock.c:385:2: warning: incompatible implicit declaration of built-in function ‘free’ [enabled by default]
spo_alert_unixsock.c:390:2: warning: incompatible implicit declaration of built-in function ‘free’ [enabled by default]
free(data);
^
spo_alert_unixsock.c: In function ‘AlertUnixSockRestart’:
spo_alert_unixsock.c:403:2: warning: incompatible implicit declaration of built-in function ‘free’ [enabled by default]
free(data->filename);
^
spo_alert_unixsock.c:408:2: warning: incompatible implicit declaration of built-in function ‘free’ [enabled by default]
free(data);
^
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_common.o spo_common.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_log_ascii.o spo_log_ascii.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_log_null.o spo_log_null.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_log_tcpdump.o spo_log_tcpdump.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_sguil.o spo_sguil.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_echidna.o spo_echidna.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_syslog_full.o spo_syslog_full.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_database.o spo_database.c
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spo_database_cache.o spo_database_cache.c
rm -f libspo.a
ar cru libspo.a spo_alert_arubaaction.o spo_alert_bro.o spo_alert_cef.o spo_alert_csv.o spo_alert_fast.o spo_alert_full.o spo_alert_fwsam.o spo_alert_prelude.o spo_alert_syslog.o spo_alert_test.o spo_alert_unixsock.o spo_common.o spo_log_ascii.o spo_log_null.o spo_log_tcpdump.o spo_sguil.o spo_echidna.o spo_syslog_full.o spo_database.o spo_database_cache.o
ranlib libspo.a
make[3]: Leaving directory `/tmp/barnyard2/src/output-plugins’
Making all in input-plugins
make[3]: Entering directory `/tmp/barnyard2/src/input-plugins’
gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I../sfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spi_unified2.o spi_unified2.c
spi_unified2.c: In function ‘Unified2ReadRecord’:
spi_unified2.c:166:25: warning: variable ‘record_type’ set but not used [-Wunused-but-set-variable]
uint32_t record_type;
^
rm -f libspi.a
ar cru libspi.a spi_unified2.o
ranlib libspi.a
make[3]: Leaving directory `/tmp/barnyard2/src/input-plugins’
make[3]: Entering directory `/tmp/barnyard2/src’
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o barnyard2.o barnyard2.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o debug.o debug.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o decode.o decode.c
decode.c: In function ‘DecodeNullPkt’:
decode.c:1194:14: warning: variable ‘len’ set but not used [-Wunused-but-set-variable]
uint32_t len;
^
decode.c: In function ‘DecodePPPoEPkt’:
decode.c:1870:21: warning: variable ‘ppppoep’ set but not used [-Wunused-but-set-variable]
const PPPoEHdr *ppppoep=NULL;
^
decode.c: In function ‘DecodeSlipPkt’:
decode.c:2366:14: warning: variable ‘len’ set but not used [-Wunused-but-set-variable]
uint32_t len;
^
decode.c: In function ‘DecodeTCPOptions’:
decode.c:5020:12: warning: variable ‘ttcp_found’ set but not used [-Wunused-but-set-variable]
u_char ttcp_found = 0;
^
decode.c:5019:12: warning: variable ‘obsolete_option_found’ set but not used [-Wunused-but-set-variable]
u_char obsolete_option_found = 0;
^
decode.c:5018:12: warning: variable ‘experimental_option_found’ set but not used [-Wunused-but-set-variable]
u_char experimental_option_found = 0; /* are all options RFC compliant? */
^
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o log.o log.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o log_text.o log_text.c
log_text.c: In function ‘LogTcpOptions’:
log_text.c:608:12: warning: variable ‘print_offset’ set but not used [-Wunused-but-set-variable]
u_long print_offset;
^
log_text.c:607:12: warning: variable ‘init_offset’ set but not used [-Wunused-but-set-variable]
u_long init_offset;
^
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o map.o map.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o mstring.o mstring.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o parser.o parser.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o plugbase.o plugbase.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o spooler.o spooler.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o strlcatu.o strlcatu.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o strlcpyu.o strlcpyu.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o twofish.o twofish.c
gcc -DHAVE_CONFIG_H -I. -I.. -Isfutil -DSUP_IP6 -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c -o util.o util.c
util.c: In function ‘GoDaemon’:
util.c:1091:9: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret = 0;
^
/bin/bash ../libtool –tag=CC –mode=link gcc -g -O2 -fno-strict-aliasing -Wall -L/usr/lib/x86_64-linux-gnu -o barnyard2 barnyard2.o debug.o decode.o log.o log_text.o map.o mstring.o parser.o plugbase.o spooler.o strlcatu.o strlcpyu.o twofish.o util.o output-plugins/libspo.a input-plugins/libspi.a sfutil/libsfutil.a -lmysqlclient -lz -lpcap -lnsl -lm -lm -L/usr/lib/x86_64-linux-gnu -lprelude -lgnutls -lgcrypt -ldl
libtool: link: gcc -g -O2 -fno-strict-aliasing -Wall -o barnyard2 barnyard2.o debug.o decode.o log.o log_text.o map.o mstring.o parser.o plugbase.o spooler.o strlcatu.o strlcpyu.o twofish.o util.o -L/usr/lib/x86_64-linux-gnu output-plugins/libspo.a input-plugins/libspi.a sfutil/libsfutil.a -lmysqlclient -lz -lpcap -lnsl -lm -lprelude -lgnutls -lgcrypt -ldl
/usr/bin/ld: barnyard2.o: undefined reference to symbol ‘pthread_sigmask@@GLIBC_2.2.5′
//lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[3]: *** [barnyard2] Error 1
make[3]: Leaving directory `/tmp/barnyard2/src’
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/tmp/barnyard2/src’
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/tmp/barnyard2′
make: *** [all] Error 2
root@c1:/tmp/barnyard2#
I get the same error as above:
“//lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line”
Check this post: https://groups.google.com/d/msg/barnyard2-users/Wy0MvDz1DjQ/ct_kFNPA2xQJ
make did work then
OK, to fix it just do this.
Compiling
Configure, compile, and install the libdnet library with support for MySQL:
./configure --with-mysql
make
After the “make” command you may encounter a couple errors keeping you from continuing, starting with the first:
In file included from spot_alert_cef.c:67:
../strlcpyu.h:24:8: error: conflicting types…
Edit the file src/strlcpyu.h and comment out the following line so that it looks as below:
//size_t strlcpy(char *, const char *, size_t);
Save the file and run “make” again. If you received that first error, you’ll likely receive a second like unto it:
In file included from spot_alert_cef.c:66:
../strlcatu.h:24:8: error: conflicting types…
Edit the file src/strlcatu.h and comment out the following line so that it looks as below:
//size_t strlcat(char *, const char *, size_t);
Run the “make” command again. All should be successful.
Continue and complete with “make install”.
Still valid. I used this to compile and install in Feb 2017. I needed CFLAGS="-lpthread -g"
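The link failure discussed in the comments above names both the unresolved symbol and the shared library that provides it, which is how the commenters arrive at -lpthread. The helper below is an added example, not part of the original post or its comments: it reads saved make output and prints the symbol and the matching -l flag for each "DSO missing from command line" error. The function names are assumptions, the first sample pair is copied from the build log above, and the second pair is constructed.

```bash
#!/usr/bin/env bash
# Added example: for each "DSO missing from command line" error in linker
# output, report the unresolved symbol and the -l flag of the library that ld
# says provides it. Function names are assumptions of this example.

# missing_dso_libs [logfile...]   (reads stdin when no file is given)
# Prints one "symbol -lname" line per distinct library.
missing_dso_libs() {
    awk '
        /undefined reference to symbol/ {
            # Versioned glibc symbols appear as name@@VERSION; keep the name.
            sym = "?"
            if (match($0, /[A-Za-z_][A-Za-z0-9_]*@/))
                sym = substr($0, RSTART, RLENGTH - 1)
            next
        }
        /DSO missing from command line/ {
            # The line starts with the shared object path, for example
            # //lib/x86_64-linux-gnu/libpthread.so.0; reduce it to "pthread".
            if (match($0, /lib[A-Za-z0-9_+-]+\.so/)) {
                name = substr($0, RSTART + 3, RLENGTH - 6)
                if (!(name in seen)) {
                    seen[name] = 1
                    print sym, "-l" name
                }
            }
            sym = "?"
        }
    ' "$@"
}

# Sample input. The pthread pair is taken from the log above (with plain ASCII
# quotes); the floor/libm pair is constructed for this example.
sample_log() {
    cat <<'EOF'
/usr/bin/ld: barnyard2.o: undefined reference to symbol 'pthread_sigmask@@GLIBC_2.2.5'
//lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
/usr/bin/ld: util.o: undefined reference to symbol 'floor@@GLIBC_2.2.5'
//lib/x86_64-linux-gnu/libm.so.6: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
EOF
}

# Usage: make 2>&1 | tee build.log ; script build.log
if [ $# -gt 0 ]; then
    missing_dso_libs "$@"
fi
```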