[Snort-users] Barnyard 0.1.5 and mysql

Chris Eidem jceidem at ...2191...
Wed Nov 14 12:10:06 EST 2001


Tom,

The docs with the source are really pretty much all you need, but here
is an overview on how to use it:

1) use snort 1.8.2 - this has the best barnyard support
2) compile barnyard - you can either download the 0.1.4 tarball or get
0.1.5 from cvs (see http://sourceforge.net/projects/barnyard/ for more
info)
2a) untar 
2b) ./configure --with-mysql (if you want db access)
2c) make && make install
3) edit your snort.conf to enable unified logging
4) edit your barnyard.conf to output as you see fit (I'm having it dump
into a mysql db on a Win2k box and then running ACID on that)
5) run snort - ./snort -c snort.conf [add other switches as needed]
6) run barnyard - ./barnyard -c barnyard.conf -s
/usr/local/snort/sid-msg.map -g /usr/local/snort/gen-msg.map -d
/var/log/snort -f snort.log 

You'll have to watch over your own switches as these are the ones I use
and I'm not talking about where files (*map, barnyard.conf and so on)
belong, but I suspect that they may work for a great many installations
out there.  I'll put together a quick-and-dirty how-to tonight or
tomorrow night and let everyone know where it is.

It really isn't all that hard, especially if you have snort running
already as the config file has been lifted pretty much as is from
snort.conf.

Hope this helps and don't be afraid to ask if you need specific help,
Chris

> -----Original Message-----
> From: Tom Sevy [mailto:tsevy at ...1701...]
> Sent: Wednesday, November 14, 2001 1:22 PM
> To: 'Andrew R. Baker'; Chris Eidem
> Subject: RE: [Snort-users] Barnyard 0.1.5 and mysql
> 
> 
> Andrew & Chris,
> 
> I want to install & use Barnyard.  Is there a faq/how-to for 
> it?  I only was
> able to find the download....
> 
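
An added example, not part of Chris's message or the Barnyard project's own code: a shell preflight for step 6 that reads the unified log base name from snort.conf, confirms the map files and spool files are in place, and prints the barnyard command with the switches used above. The function names are hypothetical, and it assumes snort.conf carries an `output log_unified: filename ...` line and that Snort appends a timestamp suffix to that base name.

```shell
#!/bin/sh
# Added example (hypothetical helper names): preflight for the barnyard run in step 6.
# All paths are supplied by the caller; nothing is assumed about where files live.

# Print the base filename from the first active "output log_unified:" line.
# Commented-out lines (leading '#') are ignored.
unified_base() {
    # $1 = path to snort.conf
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}log_unified:[[:space:]]*filename[[:space:]]\{1,\}\([^,[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Check the inputs, then print the barnyard command line.
# Returns 1 for a missing file or directory, 2 when unified logging is not
# enabled in snort.conf, 3 when the spool directory holds no unified files.
barnyard_cmd() {
    # $1 snort.conf  $2 barnyard.conf  $3 sid-msg.map  $4 gen-msg.map  $5 spool dir
    for f in "$1" "$2" "$3" "$4"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    [ -d "$5" ] || { echo "spool directory not found: $5" >&2; return 1; }

    base=$(unified_base "$1")
    [ -n "$base" ] || { echo "no 'output log_unified' line in $1 (step 3)" >&2; return 2; }

    # Assumption: Snort writes base.<timestamp>, so look for base.* in the spool.
    # An unmatched glob stays literal and fails the -e test below.
    set -- "$1" "$2" "$3" "$4" "$5" "$5"/"$base".*
    [ -e "$6" ] || { echo "no $base.* files in $5 yet; has snort run?" >&2; return 3; }

    # The value given to -f must be the same base name snort.conf uses.
    echo "./barnyard -c $2 -s $3 -g $4 -d $5 -f $base"
}
```

A mismatch between the `-f` base name and the filename in snort.conf is reported as status 3, since barnyard would find no spool files under that name.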