Problem
You want to use Barnyard to process your Snort alerts and logs.
Solution
To install Barnyard, use the following commands:
[root@localhost root]# tar zxvf barnyard-0.2.0.tar.gz
[root@localhost root]# cd barnyard-0.2.0
[root@localhost barnyard-0.2.0]# ./configure
[root@localhost barnyard-0.2.0]# make
[root@localhost barnyard-0.2.0]# make install
By default, Barnyard is built without database support. If you plan to use the ACID database output plug-ins (alert_acid_db and log_acid_db, which write to the Snort database schema that ACID reads), configure Barnyard with MySQL support before running make:
[root@localhost barnyard-0.2.0]# ./configure --enable-mysql
Other back ends (for example, --enable-postgres for PostgreSQL) are listed by ./configure --help. If you have already built Barnyard once, rerun make and make install after reconfiguring so that the database-enabled binary is the one that gets installed.
Discussion
Barnyard takes the log-processing load off the Snort engine. Snort writes alerts and packet logs to disk in its binary unified format (the alert_unified and log_unified output plug-ins). Appending a compact binary record is far cheaper than formatting text or waiting on a database insert, so the sensor spends its time capturing packets instead of blocking on output and is much less likely to drop traffic under load. Barnyard then reads those unified files and does the expensive work of parsing the binary records and writing them out in whatever formats you need.

Barnyard processing is controlled by input processors and output plug-ins. The input processors (dp_alert for unified alert files, dp_log for unified log files, and dp_stream_stat for stream4 statistics) read records in a specified format, and the output plug-ins write that information in a variety of ways: a fast text alert file, syslog, a pcap file, a database, and so on. Barnyard can be run once over a single file and exit, or run continuously as a daemon, tailing the spool directory and recording its position in a waldo (bookmark) file so it resumes where it left off after a restart. Once Barnyard is installed, you can see usage information by just typing barnyard:
[root@localhost barnyard-0.2.0]# barnyard
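The following shows the Snort side and the Barnyard side of a minimal setup together. It is added here as an illustration and is not taken from the recipe or from the Barnyard distribution; the file paths, spool directory, base file names, sensor name, interface, sensor_id and database credentials are assumptions to replace with your own.

```conf
# --- Snort side (assumed file /etc/snort/snort.conf) ---
# Write alerts and packet logs in unified binary format. "limit" is the
# rollover size in MB; Snort appends a timestamp to each file it creates,
# so the files in the spool directory are snort.alert.<timestamp> etc.
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

# --- Barnyard side (assumed file /etc/snort/barnyard.conf) ---
# Run in the background and stamp events in local time
config daemon
config localtime
# Assumed sensor name and monitored interface, stored with each event
config hostname: sensor1
config interface: eth0

# Input processors: which unified record types this instance understands
processor dp_alert
processor dp_log

# Output plug-ins: where the parsed events go
output alert_fast: /var/log/snort/alert.fast
output log_dump: /var/log/snort/log.dump

# Requires a build done with ./configure --enable-mysql.
# sensor_id must match the sid of this sensor in the ACID/Snort database.
# Placeholder credentials: use a dedicated database user that can only
# INSERT into the snort database, and keep this file readable by root only.
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password changeme, detail full
```

Start Barnyard in continuous mode against the alert spool with something like barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -f snort.alert -w /var/log/snort/barnyard.waldo -s /etc/snort/sid-msg.map -g /etc/snort/gen-msg.map. Here -d is the spool directory, -f the base file name you gave Snort, -w the waldo bookmark file, and -s and -g the maps that alert_fast uses to turn signature and generator IDs back into messages; add -o to process one file and exit instead. Each Barnyard process follows one unified file name, so run a second instance with -f snort.log for the packet logs. The daemon only needs read access to the spool directory and write access to the waldo file and its own output files, so there is no reason for it to keep running as root once it is started.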
See Also
http://www.snort.org/dl/barnyard/
Recipe 2.2
Recipe 2.3
Recipe 2.1
Recipe 2.5
Recipe 2.6
Recipe 2.17
Recipe 2.18