[Snort-users] barnyard regular restart required

Paul Schmehl pschmehl_lists at ...14358...
Wed Mar 11 23:54:24 EDT 2009

--On March 11, 2009 8:53:59 PM -0500 Ian Masters <ian at ...12163...> wrote:

> Bamm
> Sorry for the delay replying.
>> 1) grep -v '^#' barnyard.conf | grep -v ^$
> config daemon
> config localtime
> config hostname: mail-op-snort
> config interface: eth0
> config filter: not port 22
> output alert_acid_db: mysql, sensor_id 1, database snort, server
> localhost, user snort, password xxxxxxxx
> output log_acid_db: mysql, database snort, server localhost, user snort,
> password xxxxxxxx, detail full
>> 2) Command line used to start barnyard
> /usr/local/bin/barnyard -c /etc/snort/barnyard.conf -g
> /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f
> snort.log -w /var/log/snort/barnyard.waldo -D

Sorry to interrupt, but I'm going to keep posting this in the hope that 
more will see it.

If you read the source for barnyard, you can include the following in your 
barnyard.conf file and eliminate them from the command line used to start 

config class-file: /etc/snort/classification.config
config sid-msg-map: /etc/snort/sid-msg.map
config gen-msg-map: /etc/snort/gen-msg.map

In your case that would shorten the startup line as follows:

/usr/local/bin/barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -f 
snort.log -w /var/log/snort/barnyard.waldo -D

Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
WARNING: Check the headers before replying

More information about the Snort-users mailing list