[Snort-users] barnyard regular restart required

Joel Esler eslerj at ...11827...
Thu Mar 12 09:24:59 EDT 2009


Paul,
This goes for the config options for Snort too.  I notice a lot of people
try and stack them all on the command line as well.

J

On Wed, Mar 11, 2009 at 11:54 PM, Paul Schmehl <pschmehl_lists at ...14358...> wrote:

> --On March 11, 2009 8:53:59 PM -0500 Ian Masters <ian at ...12163...> wrote:
>
> >
> > Bamm
> >
> > Sorry for the delay replying.
> >
> >> 1) grep -v '^#' barnyard.conf | grep -v ^$
> >
> > config daemon
> > config localtime
> > config hostname: mail-op-snort
> > config interface: eth0
> > config filter: not port 22
> > output alert_acid_db: mysql, sensor_id 1, database snort, server
> > localhost, user snort, password xxxxxxxx
> > output log_acid_db: mysql, database snort, server localhost, user snort,
> > password xxxxxxxx, detail full
> >
> >> 2) Command line used to start barnyard
> >
> > /usr/local/bin/barnyard -c /etc/snort/barnyard.conf -g
> > /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort -f
> > snort.log -w /var/log/snort/barnyard.waldo -D
>
> Sorry to interrupt, but I'm going to keep posting this in the hope that
> more will see it.
>
> If you read the source for barnyard, you can include the following in your
> barnyard.conf file and eliminate them from the command line used to start
> barnyard:
>
> config class-file: /etc/snort/classification.config
> config sid-msg-map: /etc/snort/sid-msg.map
> config gen-msg-map: /etc/snort/gen-msg.map
>
> In your case that would shorten the startup line as follows:
>
> /usr/local/bin/barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -f
> snort.log -w /var/log/snort/barnyard.waldo -D
>
> Paul Schmehl, If it isn't already
> obvious, my opinions are my own
> and not those of my employer.
> ******************************************
> WARNING: Check the headers before replying



-- 
Joel Esler
T: 302-223-5974 (-) Gtalk: jesler at ...1935...
[m]
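
Paul's suggestion above, sketched as an added example (not part of the original thread and not barnyard's own code): a small Python helper that moves the `-g` and `-s` map-file flags from a barnyard command line into `config` directives and returns the shortened command line. The function names are hypothetical, only the two flags shown in the thread are mapped, and leaving a flag in place when its path disagrees with an existing directive is a choice made for this example.

```python
import shlex

# Flag -> barnyard.conf keyword, limited to the two map flags that appear in
# the thread's command line and in Paul's list of config keywords.
FLAG_TO_DIRECTIVE = {"-g": "gen-msg-map", "-s": "sid-msg-map"}

# Sample input copied from the thread (config trimmed to three lines).
SAMPLE_CMDLINE = (
    "/usr/local/bin/barnyard -c /etc/snort/barnyard.conf "
    "-g /etc/snort/gen-msg.map -s /etc/snort/sid-msg.map -d /var/log/snort "
    "-f snort.log -w /var/log/snort/barnyard.waldo -D"
)
SAMPLE_CONF = "config daemon\nconfig localtime\nconfig hostname: mail-op-snort\n"


def active_directives(conf_text):
    """Return {keyword: value} for uncommented 'config key: value' lines."""
    found = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("config "):
            key, _, value = line[len("config "):].partition(":")
            found[key.strip()] = value.strip()
    return found


def migrate(cmdline, conf_text):
    """Return (short_cmdline, new_conf_text, conflicts) for the map flags."""
    existing = active_directives(conf_text)
    args = shlex.split(cmdline)
    kept, added, conflicts = [], [], []
    i = 0
    while i < len(args):
        directive = FLAG_TO_DIRECTIVE.get(args[i])
        if directive and i + 1 < len(args):
            path = args[i + 1]
            if directive not in existing:
                added.append(f"config {directive}: {path}")
                existing[directive] = path
            elif existing[directive] != path:
                # Paths disagree: keep the flag and let the operator decide.
                conflicts.append((args[i], path, existing[directive]))
                kept += [args[i], path]
            i += 2
            continue
        kept.append(args[i])
        i += 1
    new_conf = conf_text.rstrip("\n") + "\n" + "".join(d + "\n" for d in added)
    return shlex.join(kept), new_conf, conflicts
```

Calling `migrate(SAMPLE_CMDLINE, SAMPLE_CONF)` yields the same shortened startup line Paul gives, and running it again on its own output changes nothing.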