Snort mailing list archives

RE: Barnyard 0.1.5 and mysql


From: "Chris Eidem" <jceidem () dexma com>
Date: Wed, 14 Nov 2001 14:04:55 -0600

Tom,

The docs with the source are really pretty much all you need, but here is
an overview on how to use it:

1) use snort 1.8.2 - this has the best barnyard support
2) compile barnyard - you can either download the 0.1.4 tarball or get
0.1.5 from cvs (see http://sourceforge.net/projects/barnyard/ for more
info)
2a) untar 
2b) ./configure --with-mysql (if you want db access)
2c) make && make install
3) edit your snort.conf to enable unified logging
4) edit your barnyard.conf to output as you see fit (I'm having it dump
into a mysql db on a Win2k box and then running ACID on that)
5) run snort - ./snort -c snort.conf [add other switches as needed]
6) run barnyard - ./barnyard -c barnyard.conf -s /usr/local/snort/sid-msg.map -g /usr/local/snort/gen-msg.map -d /var/log/snort -f snort.log

You'll have to watch over your own switches as these are the ones I use
and I'm not talking about where files (*map, barnyard.conf and so on)
belong, but I suspect that they may work for a great many installations
out there.  I'll put together a quick-and-dirty how-to tonight or
tomorrow night and let everyone know where it is.  

It really isn't all that hard, especially if you have snort running
already as the config file has been lifted pretty much as is from
snort.conf.

Hope this helps and don't be afraid to ask if you need specific help,
Chris

-----Original Message-----
From: Tom Sevy [mailto:tsevy () epx com]
Sent: Wednesday, November 14, 2001 1:22 PM
To: 'Andrew R. Baker'; Chris Eidem
Subject: RE: [Snort-users] Barnyard 0.1.5 and mysql


Andrew & Chris,

I want to install & use Barnyard.  Is there a faq/how-to for it?  I only was
able to find the download....
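
The following pre-flight check is an added example, not part of the original post or of the Barnyard distribution. It ties step 3 to step 6 by confirming that the base name given to barnyard's -f is one that snort.conf actually writes as unified output, and that spool files exist in the -d directory. The "output ..._unified: filename ..." directive form (Snort 1.8.x) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check before starting barnyard (step 6).
# Assumes snort.conf enables unified logging with lines of the form
#   output log_unified: filename snort.log, limit 128

# Print the "filename" value of every uncommented unified output directive.
unified_basenames() {
    sed -n 's/^[[:space:]]*output[[:space:]][[:space:]]*[a-z]*_unified:.*filename[[:space:]][[:space:]]*\([^,[:space:]]*\).*/\1/p' "$1"
}

# Usage: preflight SNORT_CONF SPOOL_DIR BASENAME
# Returns 0 when barnyard's -d/-f will find what snort writes,
# 1 = snort.conf unreadable, 2 = base name not configured,
# 3 = no spool files on disk yet.
preflight() {
    conf=$1; dir=$2; base=$3
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    if ! unified_basenames "$conf" | grep -Fxq -- "$base"; then
        echo "no unified output in $conf writes '$base'" >&2
        return 2
    fi
    # Snort appends a timestamp suffix to the unified file name,
    # so look for BASENAME.* rather than the bare name.
    for f in "$dir/$base".*; do
        [ -f "$f" ] && return 0
    done
    echo "no $base.* spool files in $dir yet (has snort run?)" >&2
    return 3
}

# Stand-alone use, e.g.: sh preflight.sh snort.conf /var/log/snort snort.log
if [ "$#" -eq 3 ] && preflight "$@"; then
    echo "ok: barnyard -d $2 -f $3 matches the unified output in $1"
fi
```

Exit status 2 means the -f argument and snort.conf disagree; status 3 means the configuration agrees but snort has not written any unified files to that directory.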

