Snort mailing list archives

Re: barnyard


From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 27 Jan 2006 22:21:16 -0600

--On January 27, 2006 4:47:14 PM -0800 Brian Krusic <brian () krusic com> wrote:

> My command line;
>
> barnard -c /usr/local/barnyard/etc/barnyard.conf -d /var/log/snort -g
> /usr/local/snort/etc/gen-msg.map -s /usr/local/snort/etc/sid-msg.map -f
> snort.alert

You can run barnyard with this:
barnyard -c /path/to/conffile -d /path/to/logdir -f logfilename

If you do this in the barnyard.conf file
config sid-msg-map: /path/to/sid-msg.map
config gen-msg-map: /path/to/gen-msg.map
config class-file: /path/to/classification.config

This is not in the docs, but it is in the source code. (I'm the FreeBSD port maintainer for barnyard.)

Barnyard can output directly to a text file, to a pcap file, to a database (mysql or postgresql) or to sguil.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
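
A pre-flight check for the barnyard.conf approach described above, as an added example that is not part of the original post or of barnyard itself: it confirms the three `config` lines are present, that the files they name exist, and flags a mistyped key. The function name, the sample content and its paths are constructed; the `config <key>: <path>` line shape is taken from the post, and `#` comments are an assumption.

```python
import os
import re
import sys

# The three directives named in the post.
MAP_KEYS = ("sid-msg-map", "gen-msg-map", "class-file")
# Line shape assumed from the post: "config <key>: <value>"
CONFIG_LINE = re.compile(r"^config\s+([^:\s]+)\s*:\s*(\S.*)$")

# Constructed sample; the second directive is deliberately mistyped.
SAMPLE = """\
# constructed sample barnyard.conf
config sid-msg-map: /etc/snort/sid-msg.map
config gen-msg=map: /etc/snort/gen-msg.map
config class-file: /etc/snort/classification.config
"""


def check_conf(text, exists=os.path.isfile):
    """Return (found, problems) for barnyard.conf content passed as a string."""
    found, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (assumed '#' style)
        if not line.startswith("config"):
            continue
        m = CONFIG_LINE.match(line)
        if not m:
            problems.append(f"line {lineno}: cannot parse {line!r}")
            continue
        key, value = m.group(1), m.group(2).strip()
        if key in MAP_KEYS:
            found[key] = value
            if not exists(value):
                problems.append(f"line {lineno}: {key} file not found: {value}")
            continue
        # Catch near-misses such as '=' or '_' typed in place of '-'.
        fixed = re.sub(r"[=_]", "-", key)
        if fixed in MAP_KEYS:
            problems.append(f"line {lineno}: unknown key {key!r}, did you mean {fixed!r}?")
    for key in MAP_KEYS:
        if key not in found:
            problems.append(f"{key} not set in barnyard.conf")
    return found, problems


if __name__ == "__main__":
    # Usage: python check_conf.py /path/to/barnyard.conf (no argument: run on SAMPLE)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for problem in check_conf(text)[1]:
        print(problem)
```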

