
List:       snort-users
Subject:    Re: [Snort-users] barnyard
From:       Paul Schmehl <pauls () utdallas ! edu>
Date:       2006-01-28 4:21:16
Message-ID: 01A667BDD18F1F97A655A8DE () Paul-Schmehls-Computer ! local

--On January 27, 2006 4:47:14 PM -0800 Brian Krusic <brian@krusic.com> 
wrote:
>
> My command line;
>
> barnard -c /usr/local/barnyard/etc/barnyard.conf -d /var/log/snort -g
> /usr/local/snort/etc/gen-msg.map -s /usr/local/snort/etc/sid-msg.map -f
> snort.alert
>
You can run barnyard with this:
barnyard -c /path/to/conffile -d /path/to/logdir -f logfilename

If you do this in the barnyard.conf file
config sid-msg-map: /path/to/sid-msg.map
config gen-msg-map: /path/to/gen-msg.map
config class-file: /path/to/classification.config

This is not in the docs, but it is in the source code.  (I'm the FreeBSD 
port maintainer for barnyard.)

Barnyard can output directly to a text file, to a pcap file, to a database 
(mysql or postgresql) or to sguil.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
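
A pre-flight check for the setup described in the message above, as an added example that is not part of the original post or of barnyard itself. It assumes the three directives are spelled sid-msg-map, gen-msg-map and class-file; the function names and sample paths are hypothetical.

```shell
#!/bin/sh
# Added example: confirm barnyard.conf carries the three map directives from
# the message before dropping the map options from the command line.
# Assumption: directives are written "config <key>: <path>", one per line.

# conf_value FILE KEY -> prints the path given for "config KEY:", or nothing.
# Lines starting with '#' never match, so commented-out directives are ignored.
conf_value() {
    sed -n "s/^[[:space:]]*config[[:space:]][[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_barnyard_conf FILE -> 0 only if every directive is present and names
# a readable file. Prints one status line per directive.
check_barnyard_conf() {
    conf=$1
    rc=0
    for key in sid-msg-map gen-msg-map class-file; do
        val=$(conf_value "$conf" "$key")
        if [ -z "$val" ]; then
            echo "MISSING     config $key:"
            rc=1
        elif [ ! -r "$val" ]; then
            echo "UNREADABLE  $key -> $val"
            rc=1
        else
            echo "OK          $key -> $val"
        fi
    done
    return $rc
}

# barnyard_cmd CONF LOGDIR LOGFILE -> prints the short invocation from the
# message, but only when the config file passes the check above.
barnyard_cmd() {
    check_barnyard_conf "$1" >&2 || return 1
    echo "barnyard -c $1 -d $2 -f $3"
}

# Constructed usage (sample paths):
#   barnyard_cmd /usr/local/barnyard/etc/barnyard.conf /var/log/snort snort.alert
```

A misspelled directive name is reported as MISSING, so the check fails before barnyard is started without its message maps.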

