Installing and Configuring Barnyard

Problem

You want to use Barnyard to process your Snort alerts and logs.

Solution

To install Barnyard, use the following commands:

[root@localhost root]# tar zxvf barnyard-0.2.0.tar.gz
[root@localhost root]# cd barnyard-0.2.0
[root@localhost barnyard-0.2.0]# ./configure
[root@localhost barnyard-0.2.0]# make
[root@localhost barnyard-0.2.0]# make install

By default, Barnyard is built without database support. If you plan to use the ACID database output plug-in, configure Barnyard with MySQL support using the following option:

[root@localhost barnyard-0.2.0]# ./configure --enable-mysql

 

Discussion

Barnyard takes the log-processing load off the Snort engine. Its processing is controlled by input processors and output plug-ins: the input processors read information in a specified format, and the output plug-ins write that information out in a variety of ways. This allows Snort to write data to disk efficiently so that it does not miss any network traffic, while Barnyard performs the task of parsing the binary data into various formats. Once Barnyard is installed, you can see usage information by just typing barnyard:

[root@localhost barnyard-0.2.0]# barnyard

 

See Also

http://www.snort.org/dl/barnyard/

Recipe 2.2

Recipe 2.3

Recipe 2.1

Recipe 2.5

Recipe 2.6

Recipe 2.17

Recipe 2.18
