Re: Install Snort2.9.2.3 and Snortsam

[kay <kay.diam () gmail com>]

Dear Tran,

Snort should be configured to write unified2 logs, i.e.
output alert_unified2: filename snort.alert, limit 128, nostamp

Barnyard2 1.10 should be configured to read unified2 logs, i.e.:
input unified2

And output to snortsam plugin. You can find examples here
https://github.com/firnsy/barnyard2/blob/master/doc/README.snortsam

And you should start barnyard2 by the following command line:
barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f
snort.alert -w /var/log/snort/snort.waldo # use -D to daemonize


2012/7/12 Tran M. Thang <tmthang () vncert vn>:
> Dir Sir,
>
> Thanks you for your suggestion.
> I tried installing Snort2.9.2.2 and using snortsam-2.9.2.2.diff but i got the same problems. Could you please tell me 
> how to use barnyard2 associating with snortsam.
>
> Thanks.
>
>
>
> ----- Original Message -----
> From: "kay" <kay.diam () gmail com>
> To: snort-users () lists sourceforge net
> Sent: Thursday, July 12, 2012 1:00:38 AM
> Subject: Re: [Snort-users] Install Snort2.9.2.3 and Snortsam
>
> Why don't you use barnyard2 with the default snortsam output plugin?
> And you are trying to install snortsam patch which was made for
> 2.9.2.2 on Snort 2.9.2.3, it is not a good idea.
>
> 2012/7/12 Tran M. Thang <tmthang () vncert vn>:
> > Hi everyone!
> >
> > Any one can help me to install snort2.9.2.3 and plugin snortsam? After path snort using snortsam-2.9.2.2.diff, and 
> > using command  ./configure --enable-sourcefire, i get error:
> >
> > ./configure: line 16277: syntax error near unexpected token `RAZORBACK,'
> > ./configure: line 16277: `    PKG_CHECK_MODULES(RAZORBACK, razorback >= 0.1.3, , LRZB=no)'
> >
> > So, please help me to solve it.
> >
> > Thanks
> >
> > ------------------------------------------------------------------------------
> > Live Security Virtual Conference
> > Exclusive live event will cover all the ways today's security and
> > threat landscape has changed and how IT managers can respond. Discussions
> > will include endpoint security, mobile security and the latest in malware
> > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!