[Snort-users] starting barnyard on system start

Alejandro Flores alejandrorflores at ...11827...
Fri Feb 11 03:29:31 EST 2005

Hello there,

I've wrote an init script for barnyard. It's very simple and it's
compatible with redhat/fedora chkconfig. Also I wrote a paper in
Portuguese (pt_BR) some time ago, about using barnyard with snort, and
I'm starting to translate it to english. When ready, I'll let you

-- barnyard init script --

# barnyard Start/Stop barnyard daemon
# Written by Alejandro Flores <alejandrorflores at ...11827...>
# chkconfig: 2345 42 62
# description: Output spool reader for Snort! This program decouples
output overhead from # the Snort network intrusion detection system
and allows Snort to run at full speed. It takes #input and output
plugins and can therefore be used to convert almost any spooled fil

. /etc/rc.d/init.d/functions

# Barnyard binary
# Executavel do barnyard

# Where to place processed logs
# Diretorio onde vão ficar os logs já processados

# Base dir for snort logs
# Diretório base dos logs do snort

# Unified log filename
# Nome do arquivo de log unified

# Barnyard config
# Configuração do barnyard

# where is sid-msg.map
# Localização do arquivo sid-msg.map

# where is gen-msg.map
# Localização do arquivo gen-msg.map

# where is classification.config
# Localização do arquivo classification.config

# where to place the barnyard bookmark
# Localização do bookmark do barnyard

case "$1" in
        if [ -f /var/lock/subsys/barnyard ]; then
            echo "Barnyard is already running."
        echo -n "Starting Barnyard: "
        daemon $BARNYARD \
        -c $CONFIG \
        -d $LOG_BASE \
        -a $PROCESSADOS \
        -f $LOG_FILE \
        -w $WALDO \
        -s $SIDMAP \
        -g $GENMAP \
        -p $CLASSCONF \
        touch /var/lock/subsys/barnyard

        echo -n "Stopping Barnyard"
        killproc barnyard
        rm /var/lock/subsys/barnyard


-- end

Save this in /etc/init.d/barnyard
if you're running redhat or fedora, run:
chkconfig --level 3 barnayrd on
If you run a different run level, you must change to your needs.
If you run other linux distro, just create the symlinks.

Alejandro Flores

On Fri, 11 Feb 2005 10:41:18 +0100, Lieker Heinrich <hlieker at ...12951...> wrote:
> Hello folks! 
> Can anyone of you tell me, how I can start barnyard at system start of my
> linux? I think I need a script that I can link under /etc/init.d with the
> runlevels as S* and K*, but I can't write that. Does anyone have a script or
> something like that? 
> Thank you 
> Regards, 
> Heinrich

More information about the Snort-users mailing list