Windows Intrusion Detection System - Companion Add-On Tutorial
Compiling Barnyard2 on Windows using the Cygwin UNIX emulator
Written by: Michael E. Steele
Introduction
Copyright Notice
This document is Copyright © 2003-2023 Michael Steele. All rights reserved. Permission to distribute this document is hereby granted providing that distribution is electronic, in its original form, no money is involved, and this copyright notice is maintained. Other requests for distribution will be considered. Use the information in this document at your own risk. Michael Steele disavows any potential liability of this document. Use of the concepts, examples, and/or other content of this document is entirely at your own risk.
This guide is written in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose.
All copyrights are owned by their owners, unless specifically noted otherwise. Third party trademarks or brand names are the property of their owners. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Naming of particular products or brands should not be seen as endorsements.
Support Questions and Help
By request, there is a premium fee service available for one-on-one support.
If you have not acquired this tutorial directly from the winsnort.com website, then you most likely do not have the latest revision of this tutorial!
How to use this guide
It is important that when asked to 'Open a CMD window with Administrator privileges' it is done, or the install will fail.
It is also important that when asked to 'Close a CMD window' it is done, or the install will fail.
Note: The user installing this tutorial MUST be a member of the Administrators group.
Note: If the User Account Control dialog box appears at ANY time during this install ALWAYS left-click 'Yes' to continue, or the install will fail.
Instructions on starting a command prompt as an Administrator
In the Windows Search box, type cmd, and then press CTRL+SHIFT+ENTER.
Operating System and Configuration Setup
Any 64-bit version of Windows with the latest updates installed will suffice to compile Barnyard2.
This tutorial gives two options for compiling Barnyard2 on Windows using the Cygwin UNIX emulator: an automated compile, or a manual step-by-step compile, for either the PostgreSQL or the MySQL database.
1) There is a scripted process that, if set up properly, will automatically compile Barnyard2 into an executable.
The scripted process isn't anything fancy. It compiles Barnyard2, leaving the assimilated and compressed 'Barnyard2' file in the root of drive 'd:\'.
2) The option to manually do a step-by-step compile is also available.
The manual install will give the installer a basic feel for how the Unix environment works, as it uses Cygwin, which is a Unix-like environment and command-line interface for Microsoft Windows.
This tutorial will run on ANY modern 64-bit Microsoft Windows operating system, and comes bundled with all the necessary files to compile Barnyard2 on Windows. Both this tutorial and the automated script rely on hard-coded paths (everything lives on drive 'd:\'), so use the paths exactly as written.
Prepping for the Windows Intrusion Detection System (WinIDS) Tutorial
Downloading and extracting the 'WinIDS - Barnyard2 Software Development Pack'
It is imperative to only use the files included in the 'WinIDS - Barnyard2 Software Development Pack' below. These files have been thoroughly tested, and found compatible with all the supported Windows Intrusion Detection Systems (WinIDS) tutorials.
Open File Explorer and navigate to the location of the 'winids-b2sdp.zip' file. Right-click the 'winids-b2sdp.zip' file, and left-click 'Extract all...'.
In the 'Files will be extracted to this folder:' dialog box type 'd:\by2temp' (less the outside quotes), left-click and uncheck the 'Show extracted files when complete' check box, and left-click 'Extract'.
In the 'Password:' dialog box type 'w1nsn03t.c0m' (less the outside quotes), left-click 'OK', and exit File Explorer.
Downloading additional, and required support files for all supported databases
It is imperative to only use the files downloaded from the URL links below. The files have been verified as compatible with this particular Windows Intrusion Detection Systems (WinIDS) tutorial. There are two database options below, so pick the appropriate application file, and download it into the folder (d:\by2temp) that was created when the files from the 'WinIDS - Barnyard2 Software Development Pack' above were extracted.
How to compile Barnyard2 on Windows using the Cygwin UNIX emulator for MySQL/PostgreSQL database support
The automated process for compiling Barnyard2 on Windows using the Cygwin UNIX emulator
There are three automated options to pick from, depending on which database support is needed.
Open a CMD window with Administrator privileges, type 'cd /d d:\by2temp' (less the outside quotes), tap the 'Enter' key.
- Compiling Barnyard2 for MySQL Database Support
- Compiling Barnyard2 for PostgreSQL Database Support
- Compiling Barnyard2 for MySQL and PostgreSQL Database Support
At the CMD prompt type 'compile-winsnort.bat' (less the outside quotes), tap the 'Enter' key, and make your choice.
Note: It may take from 10 to 60 minutes for the automated process to complete, depending on the resources (RAM/CPU) available and which option was selected. This tutorial can now be closed; follow any instructions coming from the script.
The manual process for compiling Barnyard2 on Windows using the Cygwin UNIX emulator
Installing Cygwin
Open File Explorer and navigate to the 'd:\by2temp' folder. Double left-click the 'setup-x64.exe' file to run the Cygwin installer, and close the File Explorer window.
The 'Cygwin Setup' page opens, left-click 'Next'.
At the 'Cygwin Setup - Choose Installation Type' leave the default 'Install from Internet' selected, and left-click 'Next'.
The 'Cygwin Setup - Choose Installation Directory' page opens. In the 'Select Root Install Directory' dialog box type 'd:\cygwin' (less the outside quotes), and left-click 'Next'.
The 'Cygwin Setup - Select Local Package Directory' page opens. In the 'Select Local Package Directory' dialog box type 'd:\cygwin\downloads' (less the outside quotes), and left-click 'Next'.
An error message will appear stating 'Directory d:\cygwin\downloads does not exist, would you like me to create it?', left-click 'Yes'.
The 'Cygwin Setup - Select Connection Type' page opens, left-click 'Next'.
The 'Cygwin Setup - Choose Download Site(s)' page appears. There will be a list of package download sites under 'Choose A Download Site'. Left-click highlighting 'http://cygwin.mirrors.hoobly.com', and left-click 'Next'.
The 'Cygwin Setup' page appears and the default packages will be installed.
Installing required Cygwin packages
The 'Cygwin Setup - Select Packages' page appears. Under 'Select Packages', and to the right of 'View', left-click and select 'Full'.
In the 'Search' dialog type 'unzip'. Under 'Package' to the right of 'unzip' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'zip'. Under 'Package' to the right of 'zip' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'bison'. Under 'Package' to the right of 'bison' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'automake'. Under 'Package' to the right of 'automake' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'cmake'. Under 'Package' to the right of 'cmake' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'gcc-core'. Under 'Package' to the right of 'gcc-core' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'gcc-g++'. Under 'Package' to the right of 'gcc-g++' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'libtool'. Under 'Package' to the right of 'libtool' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'libicu'. Under 'Package' to the right of 'libicu-devel' left-click the down arrow, and left-click selecting the latest stable version.
Scroll down to 'libicu73' left-click the down arrow, and left-click selecting the latest stable version.
PostgreSQL Compile Only: In the 'Search' dialog type 'flex'. Under 'Packages' to the right of 'flex, flex-debuginfo, flexdll' left-click the down arrow for each one and left-click selecting the latest stable version.
In the 'Search' dialog type 'make'. Under 'Package' to the right of 'make' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'libreadline-devel'. Under 'Package' to the right of 'libreadline-devel' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'zlib'. Under 'Package' to the right of 'zlib' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'zlib-devel'. Under 'Package' to the right of 'zlib-devel' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'perl'. Under 'Package' to the right of 'perl' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'patch'. Under 'Package' to the right of 'patch' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'libgmp-devel'. Under 'Package' to the right of 'libgmp-devel' left-click the down arrow, and left-click selecting the latest stable version.
In the 'Search' dialog type 'libedit-devel'. Under 'Package' to the right of 'libedit-devel' left-click the down arrow, and left-click selecting the latest stable version.
MySQL Compile Only: In the 'Search' dialog type 'libmariadb-devel'. Under 'Package' to the right of 'libmariadb-devel' left-click the down arrow, and left-click selecting the latest stable version.
MySQL Compile Only: In the 'Search' dialog type 'mariadb-common'. Under 'Package' to the right of 'mariadb-common' left-click the down arrow, and left-click selecting the latest stable version.
At the bottom right left-click 'Next'.
The 'Cygwin Setup - Review and confirm changes' page opens, left-click 'Next'.
The 'Cygwin Setup - Progress' page opens displaying the default packages being installed along with their dependencies. The progress is displayed at the top left, and this could take several minutes to complete.
At the 'Cygwin Setup - Installation Status and Create Icons', left-click 'Finish'.
Installing the support programs
On the desktop double left-click the 'Cygwin Terminal' icon to open the Cygwin Terminal window.
At the Cygwin CMD prompt type 'unzip /cygdrive/d/by2temp/barnyard2-master.zip -d /cygdrive/d/cygwin' (less the outside quotes), and tap the 'Enter' key. (The 'd:\by2temp' folder is where the development pack was extracted earlier, so the Cygwin path is '/cygdrive/d/by2temp'.)
At the Cygwin CMD prompt type 'mv /cygdrive/d/cygwin/barnyard2-master /cygdrive/d/cygwin/source' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'unzip /cygdrive/d/by2temp/WpdPack_4_1_2.zip -d /cygdrive/d/cygwin' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'cp -Rf /cygdrive/d/cygwin/WpdPack/Lib/* /cygdrive/d/cygwin/lib' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'cp -Rf /cygdrive/d/cygwin/WpdPack/Include/* /cygdrive/d/cygwin/usr/include' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'unzip /cygdrive/d/by2temp/includes.zip -d /cygdrive/d/cygwin/usr/include' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'perl -pi -e 's/`ref_system_id`/ref_system_id/g;' /cygdrive/d/cygwin/source/src/output-plugins/spo_database_cache.h' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'mv /cygdrive/d/cygwin/lib/libwpcap.a /cygdrive/d/cygwin/lib/libpcap.a' (less the outside quotes), and tap the 'Enter' key.
Prepping MySQL support for Barnyard2
It is important to compile Barnyard2 against the same version of the database that is running on the Windows Intrusion Detection System (WinIDS)!
At the Cygwin CMD prompt type 'perl -pi -e 's/AND NOT WIN32/AND WIN32/g' /cygdrive/d/cygwin/mysql-8.0.44/configure.cmake' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'sed -i '1s/^/SET(CMAKE_LEGACY_CYGWIN_WIN32 1)\n/' /cygdrive/d/cygwin/mysql-8.0.44/CMakeLists.txt' (less the outside quotes), and tap the 'Enter' key. (CMake's SET() takes the variable name and its value as separate arguments; writing 'SET(CMAKE_LEGACY_CYGWIN_WIN32=1)' would act on a variable literally named 'CMAKE_LEGACY_CYGWIN_WIN32=1' and have no effect on the intended setting.)
At the Cygwin CMD prompt type 'cd /cygdrive/d/cygwin/mysql-8.0.44' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'cmake . -DWITH_EDITLINE=system -DINSTALL_MYSQLTESTDIR=' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'make mysqlclient && make install' (less the outside quotes), and tap the 'Enter' key.
Prepping PostgreSQL support for Barnyard2
It is important to compile Barnyard2 against the same version of the database that is running on the Windows Intrusion Detection System (WinIDS)!
At the Cygwin CMD prompt type 'cd /cygdrive/d/cygwin/postgresql-18.1' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type './configure' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'make && make install' (less the outside quotes), and tap the 'Enter' key.
Assimilating the Barnyard2 executable, and the support files
At the Cygwin CMD prompt type 'mkdir /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key. (The staging folder is created under 'd:\cygwin' so that the copy steps below land in it and the clean-up step at the end removes it along with the rest of Cygwin.)
At the Cygwin CMD prompt type 'mkdir /cygdrive/d/cygwin/barnyard2/etc' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'mkdir /cygdrive/d/cygwin/barnyard2/schemas' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/source/schemas/create* /cygdrive/d/cygwin/barnyard2/schemas' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/usr/local/bin/barnyard2.exe /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/usr/local/etc/barnyard2.conf /cygdrive/d/cygwin/barnyard2/etc' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/bin/cygz.dll /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/bin/cygwin1.dll /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/bin/cygstdc++-6.dll /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key.
MySQL Compile Only: At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/bin/cygmariadb-3.dll /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key.
MySQL Compile Only: At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/bin/cygcrypto-1.1.dll /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key.
MySQL Compile Only: At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/bin/cygiconv-2.dll /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key.
MySQL Compile Only: At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/bin/cygssl-1.1.dll /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key.
PostgreSQL Compile Only: At the Cygwin CMD prompt type 'cp /cygdrive/d/cygwin/usr/local/pgsql/lib/cygpq.dll /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key.
Creating the final compressed Barnyard2
At the Cygwin CMD prompt type 'cd /cygdrive/d/cygwin/barnyard2' (less the outside quotes), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'zip -r /cygdrive/d/barnyard2-2.1.14-b337.zip .' (less the outside quotes; the trailing '.' tells zip to archive the current folder, without it zip has nothing to do and exits with an error), and tap the 'Enter' key.
At the Cygwin CMD prompt type 'exit' (less the outside quotes), and tap the 'Enter' key.
The Compiled, Assimilated, and Compressed 'Barnyard2' file can be found in the root of drive 'd:\'.
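The copy steps above hard-code the names of the Cygwin DLLs that barnyard2.exe needs (cygcrypto-1.1.dll, cygssl-1.1.dll, and so on), and those names follow whatever library versions Cygwin shipped when the build was done. The script below is an added example, not part of the WinIDS tutorial or of the Barnyard2 project: it stages the same files, but asks Cygwin's own cygcheck tool which cyg*.dll files the executable actually imports, refuses to package the build if one of them cannot be found, and writes a SHA-256 manifest into the archive so the sensor host can check the file set after unzipping. It assumes cygcheck and cygpath are on PATH (both ship with Cygwin), that Cygwin-built libraries follow the cyg*.dll naming convention, and that Barnyard2 has already been installed under /usr/local (the step that produces barnyard2.exe); the file name stage-barnyard2.sh and the CYGROOT/STAGE/OUT_ZIP variables are this example's own, with defaults taken from the tutorial's paths. The cygcheck listing embedded at the bottom is constructed for the self-check, not captured from a real build.

```shell
#!/bin/bash
# Added example for the WinIDS Barnyard2 tutorial; not the tutorial's or the
# Barnyard2 project's own code. Run from the Cygwin Terminal after Barnyard2
# has been installed under /usr/local:  bash stage-barnyard2.sh stage
# Assumptions beyond what the tutorial states: cygcheck and cygpath are on
# PATH, Cygwin-built libraries are named cyg*.dll, and the three paths below
# (defaults from the tutorial's hard-coded layout) may be overridden by env.
set -eu

CYGROOT="${CYGROOT:-/cygdrive/d/cygwin}"
STAGE="${STAGE:-$CYGROOT/barnyard2}"
OUT_ZIP="${OUT_ZIP:-/cygdrive/d/barnyard2-2.1.14-b337.zip}"

# Bare names of every cyg*.dll mentioned in a cygcheck listing read on stdin.
# cygcheck prints the dependency tree as indented Windows paths; when it
# cannot resolve a library it prints an error line that still names the DLL,
# so names are pulled from anywhere on the line and missing_dlls flags them.
bundled_dll_names() {
  tr -d '\r' | grep -io 'cyg[^\\/[:space:]]*\.dll' | LC_ALL=C sort -u || true
}

# Full Windows paths of the resolved cyg*.dll entries (the ones we can copy).
# Unresolved entries have no path and are deliberately left out here.
bundled_dll_paths() {
  tr -d '\r' | sed 's/^[[:space:]]*//' \
    | grep -i '^[a-z]:\\.*\\cyg[^\\]*\.dll$' | LC_ALL=C sort -u || true
}

# DLLs named in the cygcheck listing on stdin that are not present in $1.
missing_dlls() {
  local stage="$1" name
  bundled_dll_names | while IFS= read -r name; do
    [ -e "$stage/$name" ] || printf '%s\n' "$name"
  done
}

# SHA-256 manifest of every file under $1, saved as $1/MANIFEST.sha256 so the
# sensor host can run 'sha256sum -c MANIFEST.sha256' after unzipping.
write_manifest() {
  local dir="$1"
  (cd "$dir" && find . -type f ! -name MANIFEST.sha256 \
      | LC_ALL=C sort | xargs sha256sum) > "$dir/MANIFEST.sha256"
}

stage_build() {
  local exe="$CYGROOT/usr/local/bin/barnyard2.exe" win left
  mkdir -p "$STAGE/etc" "$STAGE/schemas"
  cp "$exe" "$STAGE/"
  cp "$CYGROOT/usr/local/etc/barnyard2.conf" "$STAGE/etc/"
  cp "$CYGROOT"/source/schemas/create* "$STAGE/schemas/"
  # Let the loader say which cyg*.dll files barnyard2.exe really imports
  # instead of hard-coding version-specific names such as cygcrypto-1.1.dll.
  cygcheck "$exe" | bundled_dll_paths | while IFS= read -r win; do
    cp "$(cygpath -u "$win")" "$STAGE/"
  done
  # Anything cygcheck could not resolve (for example cygpq.dll living in
  # /usr/local/pgsql/lib, which is not on PATH) must be dealt with by hand.
  left=$(cygcheck "$exe" | missing_dlls "$STAGE")
  if [ -n "$left" ]; then
    printf 'not staged (add its folder to PATH or copy it manually):\n%s\n' "$left" >&2
    return 1
  fi
  write_manifest "$STAGE"
  (cd "$STAGE" && zip -r "$OUT_ZIP" .)
}

# Constructed cygcheck output for the self-check (not captured from a build):
# two resolved Cygwin DLLs, one Windows system DLL, one unresolved library.
SAMPLE_CYGCHECK=$(printf '%s\r\n' \
  'D:\cygwin\usr\local\bin\barnyard2.exe' \
  '  D:\cygwin\bin\cygwin1.dll' \
  '    C:\Windows\system32\KERNEL32.dll' \
  '  D:\cygwin\bin\cygz.dll' \
  '  D:\cygwin\bin\cygstdc++-6.dll' \
  'cygcheck: track_down: could not find cygpq.dll')

if [ "${1:-}" = "stage" ]; then
  stage_build
fi
```

Because the script stops when a dependency is unresolved rather than silently shipping an incomplete archive, the PostgreSQL case (cygpq.dll under /usr/local/pgsql/lib) surfaces as an explicit error instead of a missing-DLL dialog on the sensor. The same write_manifest function can be pointed at /cygdrive/d/by2temp before the build to record exactly which input files went into it.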
Cleaning up the Barnyard2 compile process
Open a CMD window with Administrator privileges, type 'rmdir /S /Q d:\cygwin' (less the outside quotes), and tap the 'Enter' key.
At the CMD prompt type 'RMDIR /S /Q "%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Cygwin"' (less the outside quotes), and tap the 'Enter' key.
At the CMD prompt type 'del %PUBLIC%\Desktop\Cygwin*' (less the outside quotes), and tap the 'Enter' key.
At the CMD prompt type 'exit' (less the outside quotes), and tap the 'Enter' key.
In Conclusion
Congratulations, you have just compiled your very own copy of Barnyard2 for Windows, using the Cygwin UNIX emulator, for either the MySQL or the PostgreSQL database.
I hope this tutorial has been helpful to you. Please feel free to provide feedback, both issues you experienced and recommendations you might have. The goal of this tutorial was not just for you to compile Barnyard2, but to understand how all the parts work together, and to get a deeper understanding of all the components, so that you can troubleshoot, modify, and update your Windows Intrusion Detection System (WinIDS) with confidence.
Optional Companion Documents
Be SURE to check out the available 'Companion Add-on Documents' to enhance the Windows Intrusion Detection System (WinIDS) experience.
- How to add Event Logging to a local Syslog Server.
This tutorial will show how to configure Snort to send events to a local Syslog Server, on an existing Windows Intrusion Detection System (WinIDS).
- How to add Event Logging to a remote Syslog Server.
This tutorial will show how to configure Snort to send events to a remote Syslog Server from an existing Windows Intrusion Detection System (WinIDS).
- How to add Email Alerting to an existing Windows Intrusion Detection System (WinIDS)
This tutorial will show how to email user defined priority events on an existing Windows Intrusion Detection System (WinIDS).
- How to configure Barnyard2 to run as a service
This tutorial is a simple to understand process on how to configure Barnyard2 to run as a service.
- How to compile Barnyard2 on Windows using Cygwin
This tutorial is a simple to understand, step-by-step guide for Compiling Barnyard2 on Windows using Cygwin (UNIX emulator).
- How to build and deploy a passive Ethernet tap
This tutorial will show how to build and deploy a passive Ethernet tap.
Updating the Windows Intrusion Detection Systems (WinIDS) Major components
- How to update the Snort Intrusion Detection Engine
This tutorial will show How to update the Snort Intrusion Detection Engine.
- How to update the Windows Intrusion Detection Systems rules
This tutorial will show how to update the Windows Intrusion Detection Systems rules.
Debugging Installation errors
Check the Event Viewer, as most of the support programs will throw FATAL errors into the Windows Application log.
General tutorial issues
For general problem issues that pertain to this specific tutorial, left-click the get community support button at the top of this tutorial, or manually navigate to the correct community support forum pertaining to this specific tutorial.
Feedback
I would love to get feedback from you about this tutorial. Any recommendations, or ideas, please leave feedback HERE.
Michael E. Steele | Microsoft Certified System Engineer (MCSE)
Email Support: support@winsnort.com
Snort: Open Source Network IDS - www.snort.org
