Barnyard is an add-on for Snort. It lets Snort write its log and alert data very quickly to binary files; Barnyard then reads those files and sends the data to whatever output you configure. Here we will configure it to write to a MySQL database so that the data can be viewed with a PHP application called BASE.
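The binary files mentioned above are Snort's unified2 spool files, and Barnyard's job is to walk their records and map them onto database rows. As an added illustration (not code from this guide or from the Barnyard project), here is a small Python reader for the two record types that end up in the database, the IDS event and its packet, run over a constructed spool buffer; the record layouts and type ids are assumed from Snort's unified2 headers (type 7 = legacy IDS event, 52 bytes; type 2 = packet, 28-byte header plus data).

```python
import struct
import socket

# Record type ids as assumed from Snort's unified2 definitions.
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

# All fields are big-endian (network byte order); sizes match Snort's structs.
RECORD_HDR = struct.Struct("!II")      # record type, record length
IDS_EVENT = struct.Struct("!11I2H4B")  # 52-byte legacy Unified2IDSEvent
PACKET_HDR = struct.Struct("!7I")      # 28-byte Unified2Packet header
EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
                "signature_id", "generator_id", "signature_revision",
                "classification_id", "priority_id", "ip_source", "ip_destination",
                "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked")
PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                 "packet_microsecond", "linktype", "packet_length")

def parse_unified2(data: bytes) -> list:
    """Walk a unified2 buffer and return one dict per record. A truncated
    trailing record (Snort still writing it) is left for the next pass."""
    records, off = [], 0
    while off + RECORD_HDR.size <= len(data):
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        body = data[off + RECORD_HDR.size: off + RECORD_HDR.size + rlen]
        if len(body) < rlen:
            break  # partial record: do not mis-parse, wait for more data
        if rtype == UNIFIED2_IDS_EVENT and rlen == IDS_EVENT.size:
            rec = dict(zip(EVENT_FIELDS, IDS_EVENT.unpack(body)))
            for k in ("ip_source", "ip_destination"):   # u32 -> dotted quad
                rec[k] = socket.inet_ntoa(struct.pack("!I", rec[k]))
            rec["type"] = "event"
        elif rtype == UNIFIED2_PACKET and rlen >= PACKET_HDR.size:
            rec = dict(zip(PACKET_FIELDS, PACKET_HDR.unpack_from(body)))
            rec["packet_data"] = body[PACKET_HDR.size: PACKET_HDR.size + rec["packet_length"]]
            rec["type"] = "packet"
        else:
            rec = {"type": "unknown", "record_type": rtype, "length": rlen}
        records.append(rec)
        off += RECORD_HDR.size + rlen
    return records

def sample_spool() -> bytes:
    """Constructed sample: one TCP event (sid 1000001) followed by its packet."""
    ev = IDS_EVENT.pack(1, 42, 1700000000, 123456, 1000001, 1, 3, 29, 2,
                        0x0A000001, 0xC0A80105, 54321, 80, 6, 0, 0, 0)
    payload = b"GET / HTTP/1.1\r\n"
    pkt = PACKET_HDR.pack(1, 42, 1700000000, 1700000000, 123456, 1, len(payload)) + payload
    return (RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(ev)) + ev +
            RECORD_HDR.pack(UNIFIED2_PACKET, len(pkt)) + pkt)
```

The event and packet records share `sensor_id` and `event_id`, which is the join Barnyard uses to attach a captured packet to its alert row.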




Install Barnyard

  • Install MySQL
  • Create the MySQL DB and set permissions
  • Download Barnyard
  • Extract Barnyard
  • Configure Barnyard
    • On an i386 system
    • On an x86_64 system
  • Install Barnyard
  • Configure the Barnyard start script to run at startup
  • Create links for the Barnyard files and a directory for archive files
  • Make the following changes in the barnyard2 startup script

### Source the init function library and network settings
source /etc/rc.d/init.d/functions
source /etc/sysconfig/network

### Check that networking is up.
[ "${NETWORKING}" == "no" ] && exit 0

### Read configuration ($SYSCONFIG, $prog, $BARNYARD_OPTS and $INTERFACES
### are set elsewhere in the script and in the sysconfig file)
[ -r "$SYSCONFIG" ] && . "$SYSCONFIG"

### Excerpt: only the start, stop and condrestart parts are shown
start() {
    for INT in $INTERFACES; do
        daemon $prog $BARNYARD_OPTS
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
    done
}

stop() {
    killall $prog
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
}

condrestart() {
    [ -e /var/lock/subsys/$prog ] && restart
}
  • Edit the LOG_FILE variable in the Barnyard default config file
  • Edit the Barnyard config file and change the output line to
    output database: log, mysql, user=snort password=snort dbname=snort host=localhost
  • Start Snort and Barnyard
Barnyard installation is complete. Now that we have a Snort server and Barnyard writing Snort logs and alerts to a MySQL database, we can install a frontend application such as BASE to view and analyze the Snort data in a convenient web application.
