Snort mailing list archives

Re: BASE/Barnyard2


From: "Richard Lichvar" <rlichvar () sainc com>
Date: Tue, 25 Aug 2009 12:07:58 -0400

Shawn,

 

Joel had already given me some feedback on my email. Thanks for yours,
though. It confirms what Joel said plus gives me a little more
information on BASE.

 

As it turns out, there is already a folder in /var/www/html for base and
I finally figured out the URL to get to it. (Required https.) Doesn't
seem to be anything there but I know from looking at Splunk that there
are log messages from Snort plus on the CentOS console messages are
being generated. (It's version 1.3.5 so maybe I'll upgrade it to 1.4.3.1
when I upgrade Snort to 2.8.4.)

 

You folks on the list are great!

 

RichLich

 

From: Jefferson, Shawn [mailto:Shawn.Jefferson () bcferries com] 
Sent: Tuesday, August 25, 2009 11:53 AM
To: Richard Lichvar; snort-users () lists sourceforge net
Subject: RE: BASE/Barnyard2

 

Hi Richard,

 

1.      snort -V

 

2.      While Snort can do its own database output, it's much better to
allow another app like barnyard to do that.  Database inserts slow snort
down considerably, so I'd say that barnyard is definitely required for
any non-trivial installation.

 

3.      BASE 1.4.3.1 will work for you.  The installation is pretty
easy, and the readme file included with BASE outlines what's needed.
You will need apache installed of course, and some other dependency
packages (shown in the readme).

 

Hope that helps.

Shawn

 

________________________________

From: Richard Lichvar [mailto:rlichvar () sainc com] 
Sent: Tuesday, August 25, 2009 8:23 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] BASE/Barnyard2

 

More newbie questions:

 

1.       How can I tell what version of Snort a predecessor installed?

2.       I've heard that Barnyard/Barnyard2 is no longer needed for
Snort. True? What has replaced it? (We have barnyard installed and are
determining if we even need to upgrade to Barnyard2 if it is no longer
needed.)

3.       With Snort already installed (CentOS 5.3), what else is needed
to install BASE? (I'm looking at the step-by-step Snort/BASE
installation instructions on howtoforge.com.) What version(s) of Snort
will BASE 1.4.3.1 work with?

 

Many thanks for your help to this newbie!

 

RichLich
