Snort mailing list archives

Re: Problem with barnyard 0.2.0 and snort 2.4.0


From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 19 Sep 2005 12:30:32 -0500

--On Saturday, August 20, 2005 13:57:01 -0400 Jason Brvenik <jason.brvenik () sourcefire com> wrote:

Next I start barnyard in the following manner...

 # /var/snort/bin/barnyard -c /var/snort/etc/barnyard.conf \
    -s /var/snort/etc/sid-msg.map -g /var/snort/etc/gen-msg.map \
    -p /var/snort/etc/classification.config -d /var/snort/log \
    -f snort.log -w /var/snort/log/snort_ids.log

change that to

/var/snort/bin/barnyard -c /var/snort/etc/barnyard.conf \
    -s /var/snort/etc/sid-msg.map \
    -g /var/snort/etc/gen-msg.map \
    -p /var/snort/etc/classification.config \
    -d /var/snort/log \
    -f snort-unified.log \
    -w /var/snort/log/snort-unified-log.waldo

Note that -f and -w are changed.

Note also that you can add the following to your barnyard.conf file:
config sid-msg-map: /usr/local/share/snort/sid-msg.map
config gen-msg-map: /usr/local/share/snort/gen-msg.map
config class-file: /usr/local/share/snort/classification.config

(change the paths appropriately for the location of your map and config files)

And then you can shorten the command line for starting barnyard to this:

/var/snort/bin/barnyard -c /var/snort/etc/barnyard.conf \
    -d /var/snort/log -f snort-unified.log \
    -w /var/snort/log/snort-unified-log.waldo

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
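
Added example, not part of the original message or of barnyard itself: a POSIX shell check that reads barnyard.conf and reports which of -s, -g and -p must still be passed on the command line before they are dropped as described above. The function names are hypothetical, and counting a directive only when the file it names is readable is an assumption of this example.

```shell
#!/bin/sh
# Directive names and their -s/-g/-p counterparts are the ones shown in the
# message above; everything else here is illustrative.

# Print the path set by one "config <name>: <path>" line (last one wins).
# $1 = barnyard.conf path, $2 = directive name, e.g. sid-msg-map
conf_value() {
    sed -n "s/^[[:space:]]*config[[:space:]][[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print the flags that barnyard.conf does not cover, space separated.
# Commented-out directives do not match, so their flags are reported too.
missing_flags() {
    conf=$1
    out=""
    for pair in "sid-msg-map:-s" "gen-msg-map:-g" "class-file:-p"; do
        name=${pair%%:*}
        flag=${pair##*:}
        path=$(conf_value "$conf" "$name")
        # Assumption: a directive is usable only if its file is readable.
        if [ -z "$path" ] || [ ! -r "$path" ]; then
            out="$out $flag"
        fi
    done
    printf '%s\n' "${out# }"
}

# Constructed sample: a throwaway barnyard.conf that sets only two directives.
demo_dir=$(mktemp -d)
touch "$demo_dir/sid-msg.map" "$demo_dir/classification.config"
printf 'config sid-msg-map: %s\nconfig class-file: %s\n' \
    "$demo_dir/sid-msg.map" "$demo_dir/classification.config" \
    > "$demo_dir/barnyard.conf"
echo "still needed on the command line: $(missing_flags "$demo_dir/barnyard.conf")"
rm -rf "$demo_dir"
```

An empty result means all three files come from barnyard.conf and the shortened command line is safe to use.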

