[Snort-users] starting barnyard on system start
alejandrorflores at ...11827...
Fri Feb 11 03:29:31 EST 2005
I've wrote an init script for barnyard. It's very simple and it's
compatible with redhat/fedora chkconfig. Also I wrote a paper in
Portuguese (pt_BR) some time ago, about using barnyard with snort, and
I'm starting to translate it to english. When ready, I'll let you
-- barnyard init script --
# barnyard Start/Stop barnyard daemon
# Written by Alejandro Flores <alejandrorflores at ...11827...>
# chkconfig: 2345 42 62
# description: Output spool reader for Snort! This program decouples
output overhead from # the Snort network intrusion detection system
and allows Snort to run at full speed. It takes #input and output
plugins and can therefore be used to convert almost any spooled fil
# Barnyard binary
# Executavel do barnyard
# Where to place processed logs
# Diretorio onde vão ficar os logs já processados
# Base dir for snort logs
# Diretório base dos logs do snort
# Unified log filename
# Nome do arquivo de log unified
# Barnyard config
# Configuração do barnyard
# where is sid-msg.map
# Localização do arquivo sid-msg.map
# where is gen-msg.map
# Localização do arquivo gen-msg.map
# where is classification.config
# Localização do arquivo classification.config
# where to place the barnyard bookmark
# Localização do bookmark do barnyard
case "$1" in
if [ -f /var/lock/subsys/barnyard ]; then
echo "Barnyard is already running."
echo -n "Starting Barnyard: "
daemon $BARNYARD \
-c $CONFIG \
-d $LOG_BASE \
-a $PROCESSADOS \
-f $LOG_FILE \
-w $WALDO \
-s $SIDMAP \
-g $GENMAP \
-p $CLASSCONF \
echo -n "Stopping Barnyard"
Save this in /etc/init.d/barnyard
if you're running redhat or fedora, run:
chkconfig --level 3 barnayrd on
If you run a different run level, you must change to your needs.
If you run other linux distro, just create the symlinks.
On Fri, 11 Feb 2005 10:41:18 +0100, Lieker Heinrich <hlieker at ...12951...> wrote:
> Hello folks!
> Can anyone of you tell me, how I can start barnyard at system start of my
> linux? I think I need a script that I can link under /etc/init.d with the
> runlevels as S* and K*, but I can't write that. Does anyone have a script or
> something like that?
> Thank you
More information about the Snort-users