Snort mailing list archives

Re: Another Barnyard Question


From: "Andrew R. Baker" <andrewb () snort org>
Date: Fri, 25 Jun 2004 14:50:31 -0400

Lance Boon wrote:
I'm trying to get barnyard-0.2.0.tar.gz set up and running on my remote
sensors logging to a centralized MySQL database. I've got the Snort 2.0
Intrusion Detection book and reading through it on page 431 it says that
"Some recent additions to the barnyard.conf file will allow us to
actually run Barnyard without the -g and -s switches. These files can be
preconfigured within the "configuration declarations" section of the
barnyard.conf file."
For example:

config generator-map: gen-msg.map
config signature-map: sid-msg.map

The Snort 2.0 book is not very useful for Barnyard 0.2 as a number of things changed. The updated version from Syngress (Snort 2.1) documents all of the changes in Barnyard 0.2.

For the config file on 0.2, try using these instead:

config sid-msg-map: /path/to/sid-msg.map
config gen-msg-map: /path/to/gen-msg.map

-A


