Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Problem with barnyard 0.2.0 and snort 2.4.0

from [Paul Schmehl] Network Security [Permanent Link]
Subject: Re: [Snort-users] Problem with barnyard 0.2.0 and snort 2.4.0
Date: Mon, 19 Sep 2005 12:30:32 -0500
--On Saturday, August 20, 2005 13:57:01 -0400 Jason Brvenik <jason.brvenik@sourcefire.com> wrote: 

Next I start barnyard in the following manner...

 # /var/snort/bin/barnyard -c /var/snort/etc/barnyard.conf \
    -s /var/snort/etc/sid-msg.map -g /var/snort/etc/gen-msg.map \
    -p /var/snort/etc/classification.config -d /var/snort/log \
    -f snort.log -w /var/snort/log/snort_ids.log


change that to

/var/snort/bin/barnyard -c /var/snort/etc/barnyard.conf \
    -s /var/snort/etc/sid-msg.map \
    -g /var/snort/etc/gen-msg.map \
    -p /var/snort/etc/classification.config \
    -d /var/snort/log \
    -f snort-unified.log \
    -w /var/snort/log/snort-unified-log.waldo

note that -f and -w are changed.

Note also that you can add the following to your barnyard.conf file:
config sid-msg-map: /usr/local/share/snort/sid-msg.map
config gen-msg-map: /usr/local/share/snort/gen-msg.map
config class-file: /usr/local/share/snort/classification.config

(change the paths appropriately for the location of your map and config files)

And then you can shorten the commandline for starting barnyard to this:

/var/snort/bin/barnyard -c /var/snort/etc/barnyard.conf \
    -d /var/snort/log -f snort-unified.log \
    -w /var/snort/log/snort-unified-log.waldo

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Snort-users] ACID/BASE vs PRELUDE, Ron Jenkins
Next by Date:  Re: [Snort-users] attention....please...i really need your help.., Paul Schmehl
Previous by Thread:  Re: [Snort-users] Problem with barnyard 0.2.0 and snort 2.4.0, Jason Brvenik
Next by Thread:  [Snort-users] mysql error 145 "mysql cannot open file xxx.myi", chrisnospam75-snortusers
Indexes:  [Date] [Thread] [Top] [All Lists]