About
Barnyard is an add-on for Snort. It lets Snort write its log and alert data very fast to binary files; Barnyard then reads those files and sends them to whatever output you configure. Here we will configure it to output the data to a MySQL database in order to view the data with a PHP application called BASE.
Prerequisite
Install Barnyard
- Install MySQL
- Create MySQL DB and Set permission
- Download Barnyard
- Extract Barnyard
- Configure Barnyard
- On i386 system
- On x86_64 system
- Install Barnyard
- Configure Barnyard start script to run at startup
- Create links for Barnyard files and directory for archive files
- Make the following changes in the barnyard2 startup script
...
source /etc/rc.d/init.d/functions
source /etc/sysconfig/network
### Check that networking is up.
[ "${NETWORKING}" == "no" ] && exit 0
...
SYSCONFIG="/etc/default/barnyard2"
### Read configuration
[ -r "$SYSCONFIG" ] && . "$SYSCONFIG"
...
for INT in $INTERFACES; do
PIDFILE="/var/lock/subsys/barnyard2-$INT.pid"
ARCHIVEDIR="$SNORTDIR/$INT/archive"
...
BARNYARD_OPTS="-D -c $CONF -d $SNORTDIR/${INT} -w $WALDO_FILE -l $SNORTDIR/${INT} -a $ARCHIVEDIR -f $LOG_FILE -X $PIDFILE $EXTRA_ARGS"
daemon $prog $BARNYARD_OPTS
...
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
...
killall $prog
...
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
...
killall $prog
...
condrestart)
[ -e /var/lock/subsys/$prog ] && restart
...
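As an added example (not code from the original post), here is a small POSIX shell helper set that mirrors the per-interface option layout of the start script above but stops each barnyard2 instance through its own pidfile (the file given with -X) instead of killall, so stopping one sensor interface leaves the others running. The SNORTDIR, CONF, LOG_FILE and PIDDIR defaults, the barnyard2.waldo file name and the /var/lock/subsys path are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post: per-interface barnyard2
# start options and a pidfile-based stop, as an alternative to "killall".
# All paths and names below are assumptions for illustration.

SNORTDIR="${SNORTDIR:-/var/log/snort}"        # assumed Snort log root
CONF="${CONF:-/etc/snort/barnyard2.conf}"     # assumed barnyard2.conf path
LOG_FILE="${LOG_FILE:-snort.log}"             # unified2 base file name
PIDDIR="${PIDDIR:-/var/lock/subsys}"          # where the -X pidfiles go

# Build the barnyard2 option string for one interface, with the same
# -c/-d/-w/-l/-a/-f/-X layout as the start script in the post.
barnyard_opts() {
    local int="$1" dir
    dir="$SNORTDIR/$int"
    echo "-D -c $CONF -d $dir -w $dir/barnyard2.waldo -l $dir -a $dir/archive -f $LOG_FILE -X $PIDDIR/barnyard2-$int.pid"
}

# Print the PID recorded in a pidfile (digits only; nothing if unreadable).
pid_from_file() {
    [ -r "$1" ] && head -n1 "$1" | tr -dc '0-9'
}

# Succeed only if the pidfile names a process that is still alive.
instance_running() {
    local pid
    pid=$(pid_from_file "$1")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Stop one instance by its pidfile: SIGTERM, a short grace period, then
# SIGKILL. A stale pidfile (dead PID) is simply removed.
stop_instance() {
    local pidfile="$1" pid i
    if ! instance_running "$pidfile"; then
        rm -f "$pidfile"
        return 0
    fi
    pid=$(pid_from_file "$pidfile")
    kill -TERM "$pid" 2>/dev/null || true
    for i in 1 2 3; do
        kill -0 "$pid" 2>/dev/null || break
        sleep 1
    done
    if kill -0 "$pid" 2>/dev/null; then
        kill -KILL "$pid" 2>/dev/null || true
    fi
    rm -f "$pidfile"
}

# Stop every instance whose pidfile matches barnyard2-<interface>.pid.
stop_all_instances() {
    local f
    for f in "$PIDDIR"/barnyard2-*.pid; do
        [ -e "$f" ] || continue
        stop_instance "$f"
    done
}
```

In an init script the start branch would call `daemon $prog $(barnyard_opts "$INT")` inside the interface loop, and the stop branch `stop_all_instances` (or `stop_instance` for a single interface); the PID each instance wrote with -X is what ties the two together.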
- Edit the LOG_FILE variable in the Barnyard default config file
...
LOG_FILE="snort.log"
...
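Another added example, not from the original post: a POSIX shell check that the directory barnyard2 reads with -d really contains unified2 spool files named `<LOG_FILE>.<timestamp>`, which is what -f / LOG_FILE has to match; if the base name does not match what Snort writes, barnyard2 runs but has no files to process and nothing reaches the database. The directory and file names used in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: verify that the directory
# barnyard2 is pointed at (-d) holds unified2 spool files whose names are
# "<LOG_FILE>.<unix timestamp>", i.e. that -f / LOG_FILE matches what Snort
# writes. Directory and file names used for testing are constructed.

# Print the spool files in DIR for base name BASE, oldest timestamp first.
# Names such as "snort.log.bak" or files of another base name are ignored.
spool_files() {
    local dir="$1" base="$2" f name suffix
    for f in "$dir/$base".*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        suffix=${name#"$base".}
        case "$suffix" in
            ''|*[!0-9]*) continue ;;   # suffix must be purely numeric
        esac
        printf '%s %s\n' "$suffix" "$name"
    done | sort -n | cut -d' ' -f2
}

# Number of matching spool files (0 if none).
spool_count() {
    spool_files "$1" "$2" | wc -l | tr -d ' '
}

# Name of the newest spool file, or empty if there is none.
newest_spool_file() {
    spool_files "$1" "$2" | tail -n1
}

# Overall check: 0 = spool looks right, 1 = directory missing,
# 2 = directory present but no "<BASE>.<timestamp>" files in it.
check_spool() {
    local dir="$1" base="$2" n
    if [ ! -d "$dir" ]; then
        echo "spool directory $dir does not exist (check -d / SNORTDIR)"
        return 1
    fi
    n=$(spool_count "$dir" "$base")
    if [ "$n" -eq 0 ]; then
        echo "no $base.<timestamp> files in $dir: LOG_FILE / -f does not match Snort's unified2 filename"
        return 2
    fi
    echo "$n spool file(s) for $base; newest: $(newest_spool_file "$dir" "$base")"
}
```

Run it as `check_spool /var/log/snort/eth0 snort.log` for each sensor interface after Snort has been running for a while; a return code of 2 means the two sides of the handoff disagree on the file name, and the LOG_FILE value (or Snort's unified2 filename) needs to be corrected before the database will fill.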
...
output database: log, mysql, user=snort password=snort dbname=snort host=localhost
...
Barnyard installation is complete. Now that we have the Snort server and Barnyard writing Snort logs and alerts to a MySQL database, we can install a frontend application like BASE to view and analyze the Snort data in a convenient web application.
Here is a link for BASE Installation.