[Snort-users] BASE/Barnyard2

Richard Lichvar rlichvar at ...14639...
Tue Aug 25 12:07:58 EDT 2009


Shawn,

 

Joel had already given me some feedback on my email. Thanks for yours,
though. It confirms what Joel said plus gives me a little more
information on BASE.

 

As it turns out, there is already a folder in /var/www/html for base and
I finally figured out the URL to get to it. (Required https.) Doesn't
seem to be anything there but I know from looking at Splunk that there
are log messages from Snort plus on the CentOS console messages are
being generated. (It's version 1.3.5 so maybe I'll upgrade it to 1.4.3.1
when I upgrade Snort to 2.8.4.)

 

You folks on the list are great!

 

RichLich

 

From: Jefferson, Shawn [mailto:Shawn.Jefferson at ...14448...] 
Sent: Tuesday, August 25, 2009 11:53 AM
To: Richard Lichvar; snort-users at lists.sourceforge.net
Subject: RE: BASE/Barnyard2

 

Hi Richard,

 

1.	snort -V

 

2.	While Snort can do it's own database output, it's much better to
allow another app like barnyard to do that.  Database inserts slow snort
down considerably, so I'd say that barnyard is definitely required for
any non-trivial installation.

 

3.	BASE 1.4.3.1 will work for you.  The installation is pretty
easy, and the readme file included with BASE outlines what's needed.
You will need apache installed of course, and some other dependency
packages (shown in the readme).

 

Hope that helps.

Shawn

 

________________________________

From: Richard Lichvar [mailto:rlichvar at ...14639...] 
Sent: Tuesday, August 25, 2009 8:23 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] BASE/Barnyard2

 

More newbie questions:

 

1.       How can I tell what version of Snort a predecessor installed?

2.       I've heard that Barnyard/Barnyard2 is no longer needed for
Snort. True? What has replaced it? (We have barnyard installed and
determining if we even need to upgrade to Barnyard2 if it is no longer
needed.)

3.       With Snort already installed (CentOS 5.3), what else is needed
to install BASE? (I'm looking at the step-by-step Snort/BASE
installation instructions on howtoforge.com.) What version(s) of Snort
will BASE 1.4.3.1 work with?

 

Many thanks for your help to this newbie!

 

RichLich

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090825/50b23f0f/attachment.html>


More information about the Snort-users mailing list