Installing and Configuring Barnyard

Problem

You want to use Barnyard to process your Snort alerts and logs.

Solution

To install Barnyard, use the following commands:

[root@localhost root]# tar zxvf barnyard-0.2.0.tar.gz

[root@localhost root]# cd barnyard-0.2.0

[root@localhost barnyard-0.2.0]# ./configure

[root@localhost barnyard-0.2.0]# make

[root@localhost barnyard-0.2.0]# make install

By default, Barnyard is built without database support. If you plan to use the ACID database output plug-in, configure Barnyard with MySQL support using the following option:

[root@localhost barnyard-0.2.0]# ./configure --enable-mysql

Discussion

Barnyard takes the log-processing load off the Snort engine. Its processing is controlled by input processors and output plug-ins: the input processors read information in a specified format, and the output plug-ins write that information out in a variety of ways. This lets Snort write data to disk efficiently so that it does not miss any network traffic, while Barnyard performs the task of parsing the binary data into various formats. Once Barnyard is installed, you can see usage information by typing barnyard:

[root@localhost barnyard-0.2.0]# barnyard

See Also

http://www.snort.org/dl/barnyard/

Recipe 2.2

Recipe 2.3

Recipe 2.1

Recipe 2.5

Recipe 2.6

Recipe 2.17

Recipe 2.18




Snort Cookbook
ISBN: 0596007914
EAN: 2147483647
Year: 2006
Pages: 167
