[Snort-users] Problem with barnyard 0.2.0 and snort 2.4.0

Paul Schmehl pauls at ...6838...
Mon Sep 19 10:31:26 EDT 2005


--On Saturday, August 20, 2005 13:57:01 -0400 Jason Brvenik 
<jason.brvenik at ...1935...> wrote:
>>
>> Next I start barnyard in the following manner...
>>
>>  # /var/snort/bin/barnyard -c /var/snort/etc/barnyard.conf \
>>     -s /var/snort/etc/sid-msg.map -g /var/snort/etc/gen-msg.map \
>>     -p /var/snort/etc/classification.config -d /var/snort/log \
>>     -f snort.log -w /var/snort/log/snort_ids.log
>
> change that to
>
> /var/snort/bin/barnyard -c /var/snort/etc/barnyard.conf \
>     -s /var/snort/etc/sid-msg.map \
>     -g /var/snort/etc/gen-msg.map \
>     -p /var/snort/etc/classification.config \
>     -d /var/snort/log \
>     -f snort-unified.log \
>     -w /var/snort/log/snort-unified-log.waldo
>
> note that -f and -w are changed.
>
Note also that you can add the following to your barnyard.conf file:
config sid-msg-map: /usr/local/share/snort/sid-msg.map
config gen-msg-map: /usr/local/share/snort/gen-msg.map
config class-file: /usr/local/share/snort/classification.config

(change the paths appropriately for the location of your map and config 
files)

And then you can shorten the command line for starting barnyard to this:

/var/snort/bin/barnyard -c /var/snort/etc/barnyard.conf \
     -d /var/snort/log -f snort-unified.log \
     -w /var/snort/log/snort-unified-log.waldo

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
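
A preflight check for the shortened command line described in the message above, as an added example that is not part of the original thread: it reads barnyard.conf and reports which of -s, -g and -p must still be passed because the matching config directive is absent, commented out, or names an unreadable file. The function names are hypothetical, and the parser assumes the "config <name>: <path>" layout shown in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes the "config <name>: <path>" layout shown in the message.

# conf_value FILE DIRECTIVE: print the path a directive is set to, if any.
conf_value() {
    awk -v want="$2" '
        /^[[:space:]]*#/ { next }    # ignore commented-out directives
        $1 == "config" && $2 == (want ":") { print $3; exit }
    ' "$1"
}

# missing_flags FILE: print the flags barnyard still needs on the command
# line because the matching directive is absent or names an unreadable file.
missing_flags() {
    out=""
    for pair in "sid-msg-map:-s" "gen-msg-map:-g" "class-file:-p"; do
        directive=${pair%%:*}
        flag=${pair##*:}
        path=$(conf_value "$1" "$directive")
        if [ -z "$path" ] || [ ! -r "$path" ]; then
            out="$out $flag"
        fi
    done
    printf '%s\n' "${out# }"
}

# Constructed sample: two directives resolve, class-file names a missing file.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/sid-msg.map"
    : > "$tmp/gen-msg.map"
    cat > "$tmp/barnyard.conf" <<EOF
config sid-msg-map: $tmp/sid-msg.map
config gen-msg-map: $tmp/gen-msg.map
config class-file: $tmp/classification.config
EOF
    echo "still needed on the command line: $(missing_flags "$tmp/barnyard.conf")"
    rm -rf "$tmp"
}
demo
```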



