Installing and Configuring Barnyard
Problem
You want to use Barnyard to process your Snort alerts and logs.
Solution
To install Barnyard, use the following commands:
[root@localhost root]# tar zxvf barnyard-0.2.0.tar.gz
[root@localhost root]# cd barnyard-0.2.0
[root@localhost barnyard-0.2.0]# ./configure
[root@localhost barnyard-0.2.0]# make
[root@localhost barnyard-0.2.0]# make install
By default, Barnyard is built without database support. If you plan on using the ACID database output plug-in, configure Barnyard with database support using the following MySQL option:
[root@localhost barnyard-0.2.0]# ./configure --enable-mysql
Discussion
Barnyard takes the log-processing load off the Snort engine. Barnyard processing is controlled by input processors and output plug-ins: the input processors read information in a specified format, and the output plug-ins write that information out in a variety of ways. This allows Snort to write data to disk efficiently so it does not miss any network traffic, while Barnyard performs the task of parsing the binary data into various formats. Once Barnyard is installed, you can see usage information by typing barnyard:
[root@localhost barnyard-0.2.0]# barnyard
See Also
http://www.snort.org/dl/barnyard/
Recipe 2.2
Recipe 2.3
Recipe 2.1
Recipe 2.5
Recipe 2.6
Recipe 2.17
Recipe 2.18