[Snort-users] starting barnyard on system start

Alejandro Flores alejandrorflores at ...11827...
Fri Feb 11 03:29:31 EST 2005


Hello there,

I've written an init script for barnyard. It's very simple and it's
compatible with redhat/fedora chkconfig. Also I wrote a paper in
Portuguese (pt_BR) some time ago, about using barnyard with snort, and
I'm starting to translate it to English. When ready, I'll let you
know.

-- barnyard init script --

#!/bin/bash
#
# barnyard Start/Stop barnyard daemon
#
# Written by Alejandro Flores <alejandrorflores at ...11827...>
#
# chkconfig: 2345 42 62
# description: Output spool reader for Snort! This program decouples \
#              output overhead from the Snort network intrusion detection \
#              system and allows Snort to run at full speed. It takes \
#              input and output plugins and can therefore be used to \
#              convert almost any spooled fil
#

. /etc/rc.d/init.d/functions

# Barnyard binary
BARNYARD=/usr/local/bin/barnyard

# Where to place processed logs
PROCESSADOS=/var/log/snort-processados

# Base dir for snort logs
LOG_BASE=/var/log/snort

# Unified log filename
LOG_FILE=snort.log

# Barnyard config
CONFIG=/etc/barnyard.conf

# Location of sid-msg.map
SIDMAP=/etc/snort/sid-msg.map

# Location of gen-msg.map
GENMAP=/etc/snort/gen-msg.map

# Location of classification.config
CLASSCONF=/etc/snort/classification.config

# Where to place the barnyard bookmark
WALDO=/var/log/snort/waldo

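case "$1" in
    start)
        if [ -f /var/lock/subsys/barnyard ]; then
            echo "Barnyard is already running."
            exit 0
        fi
        echo -n "Starting Barnyard: "
        daemon "$BARNYARD" \
            -c "$CONFIG" \
            -d "$LOG_BASE" \
            -a "$PROCESSADOS" \
            -f "$LOG_FILE" \
            -w "$WALDO" \
            -s "$SIDMAP" \
            -g "$GENMAP" \
            -p "$CLASSCONF" \
            -D
        RETVAL=$?
        echo
        # Create the lock file only if barnyard actually started
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/barnyard
        exit $RETVAL
        ;;

    stop)
        echo -n "Stopping Barnyard: "
        killproc barnyard
        RETVAL=$?
        echo
        # -f: do not fail if the lock file is already gone
        rm -f /var/lock/subsys/barnyard
        exit $RETVAL
        ;;

    *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;

esac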

-- end

Save this in /etc/init.d/barnyard.
If you're running Red Hat or Fedora, run:
chkconfig --level 3 barnyard on
If you run a different run level, you must change it to your needs.
If you run another Linux distro, just create the symlinks.

Regards,
Alejandro Flores

On Fri, 11 Feb 2005 10:41:18 +0100, Lieker Heinrich <hlieker at ...12951...> wrote:
>  
> Hello folks! 
>   
> Can anyone of you tell me, how I can start barnyard at system start of my
> linux? I think I need a script that I can link under /etc/init.d with the
> runlevels as S* and K*, but I can't write that. Does anyone have a script or
> something like that? 
>   
> Thank you 
>   
>   
> Regards, 
> Heinrich
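
The "just create the symlinks" step from the message above, for distributions without chkconfig, as an added example that is not part of the original post. install_rc_links and rc_base are hypothetical names; it assumes the script is saved at <rc_base>/init.d/<name>, and it goes beyond the post by deriving the links from the script's own "# chkconfig: 2345 42 62" header.

```shell
#!/bin/sh
# Added example (not from the original post): create the SysV start/kill
# symlinks that chkconfig derives from a "# chkconfig: LEVELS START STOP"
# header. install_rc_links and its rc_base argument are hypothetical names;
# the script is expected at <rc_base>/init.d/<name>.

install_rc_links() (
    rc_base=$1 name=$2
    script=$rc_base/init.d/$name

    # First header line, e.g. "2345 42 62" from the barnyard script.
    header=$(sed -n 's/^#[[:space:]]*chkconfig:[[:space:]]*//p' "$script" 2>/dev/null | head -n 1)
    set -f; set -- $header; set +f    # split into fields without globbing

    # Refuse to guess on a missing or malformed header
    # (the "-" form meaning "no default levels" is not handled here).
    [ $# -eq 3 ] || { echo "no usable chkconfig header in $script" >&2; exit 1; }
    for field in "$@"; do
        case $field in
            *[!0-9]*) echo "bad chkconfig field: $field" >&2; exit 1 ;;
        esac
    done
    levels=$1 start=$2 stop=$3
    case $start in ?) start=0$start ;; esac   # pad priorities to two digits
    case $stop  in ?) stop=0$stop ;; esac

    for lvl in 0 1 2 3 4 5 6; do
        dir=$rc_base/rc$lvl.d
        mkdir -p "$dir"
        # Drop stale links so changed priorities do not leave duplicates.
        rm -f "$dir"/[SK][0-9][0-9]"$name"
        case $levels in
            *"$lvl"*) ln -s "../init.d/$name" "$dir/S$start$name" ;;  # start in listed levels
            *)        ln -s "../init.d/$name" "$dir/K$stop$name" ;;   # kill in all others
        esac
    done
)
```

On a layout with /etc/init.d and /etc/rc0.d to /etc/rc6.d, running install_rc_links /etc barnyard as root gives S42barnyard in run levels 2-5 and K62barnyard in 0, 1 and 6.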



