Snort mailing list archives
RE: Another Barnyard Question
From: "Lance Boon" <lboon () firststatebanksw com>
Date: Fri, 25 Jun 2004 15:26:32 -0500
Thanks, I'm ordering the new 2.1 book tonight; just another quick question do I need to worry about the classification.config file or when I put the changes you suggested will they take care of it as well? Is there a really good readme, usage, etc on setting up and using barnyard? None of the readme, usage or faq files that are in the barnyard-0.2.0.tar.gz cover the usage of the config sid-msg-map etc for configuration declarations. Once again thanks for all of the help. Thanks Lance -----Original Message----- From: Andrew R. Baker [mailto:andrewb () snort org] Sent: Friday, June 25, 2004 1:51 PM To: Lance Boon Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Another Barnyard Question Lance Boon wrote:
I'm trying to get barnyard-0.2.0.tar.gz setup and running on my remote sensors logging to a centralized MySql database. I've got the Snort
2.0
Intrusion Detection book and reading through it on page 431 it says
that
"Some recent additions to the barnyard.conf file will allow us to actually run Barnyard without the -g and -s switches. These files can
be
preconfigured within the "configuration declarations" section of the barnyard.conf file. " For example: config generator-map: gen-msg.map config signature-map: sid-msg.map
The Snort 2.0 book is not very useful for Barnyard 0.2 as a number of things changed. The updated version from Syngress (Snort 2.1) documents all of the changes in Barnyard 0.2. For the config file on 0.2, try using these instead: config sid-msg-map: /path/to/sid-msg.map config gen-msg-map: /path/to/gen-msg.map -A ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Another Barnyard Question Lance Boon (Jun 25)
- Re: Another Barnyard Question Andrew R. Baker (Jun 25)
- <Possible follow-ups>
- RE: Another Barnyard Question Lance Boon (Jun 25)