Version vom 11. Oktober 2018, 12:52 Uhr

Vorbereitung

apt-get install -y mysql-server libmysqlclient-dev mysql-client autoconf libtool
apt-get install libpcap-dev libprelude-dev

Edit /etc/snort/snort.conf

change

#output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types
output unified2: filename snort.log, limit 128, mpls_event_types, vlan_event_types

Compile and Install Barnyard2

git clone git://github.com/firnsy/barnyard2.git
cd barnyard2
./autogen.sh
CFLAGS='-lpthread'
./configure --with-mysql-libraries=/usr/lib/x86_64-linux-gnu
apt-get install libdumbnet-dev
ln -s /usr/include/dumbnet.h /usr/include/dnet.h
ldconfig
make
make install
cp etc/barnyard2.conf /etc/snort/
touch /var/log/snort/barnyard2.waldo

Settings bayrnard2.conf

cat /etc/snort/barnyard2.conf

config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config logdir: /var/log/barnyard2
config waldo_file: /var/log/snort/barnyard2.waldo
config archivedir: /var/log/snort
input unified2
output alert_fast: stdout
output database: log, mysql, user=snort password=snort dbname=snort host=localhost

Database Settings

sudo mysql -u root -p
mysql > create database snort;
mysql > use snort;
mysql > source /root/barnyard2/schemas/create_mysql
mysql > CREATE USER 'snort'@'localhost' IDENTIFIED BY 'snort'*
mysql > grant create, insert, select, delete, update on snort.* to 'snort'@'localhost';

Barnyard2 Installation Linux: Unterschied zwischen den Versionen

Version vom 11. Oktober 2018, 12:52 Uhr

Inhaltsverzeichnis

Vorbereitung

Edit /etc/snort/snort.conf

Compile and Install Barnyard2

Settings bayrnard2.conf

Database Settings

Navigationsmenü

Suche