Tested On

OS: CentOS 6.2 i386, CentOS 6.2 x86_64, CentOS 5.7 i386, CentOS 5.7 x86_64
Snort Version: 2.9.3.1 IPv6 GRE (Build 40)
Barnyard Version: 2-1.10
Hardware: Virtual Machine (VirtualBox 4.1.22)

About

Barnyard2 is an add-on for Snort. Snort writes its alert and log data very quickly into binary (unified2) spool files, and Barnyard2 reads those files and forwards the events to whatever output you configure. Here we configure it to write to a MySQL database so the data can be viewed with a PHP web application called BASE.

Prerequisite

A working Snort installation on the same host is assumed: the steps below rely on the snortd service, the /etc/snort directory, and Snort writing its unified2 spool files under /var/log/snort/eth0.

Install Barnyard

  • Install the MySQL client and development packages (needed to build the MySQL output plugin), plus git and libtool
yum install mysql mysql-devel git libtool -y
  • Download Barnyard and run autogen
cd /usr/local/src/snort
git clone https://github.com/firnsy/barnyard2.git barnyard2
cd barnyard2
./autogen.sh
  • Configure Barnyard
    • On i386 system
./configure --with-mysql
    • On x86_64 system
./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql
  • Install Barnyard
make && make install
  • Configure Barnyard start script to run at startup
cp rpm/barnyard2 /etc/init.d/
chmod +x /etc/init.d/barnyard2
cp rpm/barnyard2.config /etc/sysconfig/barnyard2
chkconfig --add barnyard2
  • Create links for Barnyard files and create archive directory
ln -s /usr/local/etc/barnyard2.conf /etc/snort/barnyard.conf
ln -s /usr/local/bin/barnyard2 /usr/bin/
mkdir /var/log/snort/eth0/archive/
  • Change the Barnyard start/stop priority (the chkconfig header) and change -L to -l on the “BARNYARD_OPTS=” line of the barnyard2 startup script. Barnyard2 has no -L option; -l <dir> sets its log directory, and with -L the daemon refuses to start.
vi /etc/init.d/barnyard2
...
# chkconfig: 2345 70 60
...
BARNYARD_OPTS="-D -c $CONF -d $SNORTDIR/${INT} -w $WALDO_FILE -l $SNORTDIR/${INT} -a $ARCHIVEDIR -f $LOG_FILE -X $PIDFILE $EXTRA_ARGS"
...
chkconfig barnyard2 reset
  • Set the LOG_FILE variable in the Barnyard sysconfig file to the filename prefix of Snort's unified2 spool files (snort.log here); Barnyard reads only spool files with this prefix
vi /etc/sysconfig/barnyard2
...
LOG_FILE="snort.log"
...
  • Start Snort and Barnyard
service snortd start
service barnyard2 start
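The two hand edits above (the -L/-l option in the init script and the LOG_FILE prefix in the sysconfig file) are the usual reasons a fresh Barnyard2 install starts but never writes anything to MySQL. The script below is an added example, not part of the original post or of the Barnyard2 project: it patches the option on a copy of the init script, checks that LOG_FILE matches the filename on Snort's "output unified2:" line, and counts the spool files still waiting in the per-interface directory. All paths are passed as arguments, so it can be run against copies; the default paths in the usage line are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Sanity-checks the manual edits
# made during the Barnyard2 install. Paths are arguments; the defaults in the
# usage line are the ones this page uses.

# 1. barnyard2 has no -L option; the rpm init script's BARNYARD_OPTS line must
#    use -l <dir> (log directory) or the daemon exits at startup.
#    Rewrites " -L $SNORTDIR" to " -l $SNORTDIR" on that line only.
fix_barnyard_opts() {
    script="$1"
    sed 's/^\(BARNYARD_OPTS=".*\) -L \$SNORTDIR/\1 -l $SNORTDIR/' "$script" > "$script.tmp" &&
        mv "$script.tmp" "$script"
    # succeed only if no -L remains on the options line
    ! grep -q '^BARNYARD_OPTS=.* -L ' "$script"
}

# 2. The spool prefix barnyard2 looks for (-f $LOG_FILE) must equal the
#    "filename" on snort's unified2 output line, otherwise barnyard2 sits idle
#    waiting for files that never appear.
snort_unified2_prefix() {
    # e.g. "output unified2: filename snort.log, limit 128"  ->  snort.log
    sed -n 's/^output unified2:[[:space:]]*filename[[:space:]]*\([^,[:space:]]*\).*/\1/p' "$1" | head -n 1
}

barnyard_log_file() {
    # e.g. LOG_FILE="snort.log"  ->  snort.log
    sed -n 's/^LOG_FILE="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1" | head -n 1
}

spool_names_match() {
    prefix=$(snort_unified2_prefix "$1")
    [ -n "$prefix" ] && [ "$prefix" = "$(barnyard_log_file "$2")" ]
}

# 3. Count unified2 spool files waiting in the per-interface directory, i.e.
#    files named <prefix>.<epoch> that barnyard2 has not yet moved to archive/.
pending_spool_files() {
    dir="$1"; prefix="$2"
    find "$dir" -maxdepth 1 -type f -name "$prefix.[0-9]*" | wc -l | tr -d ' '
}

# Usage: sh barnyard_check.sh /etc/init.d/barnyard2 /etc/sysconfig/barnyard2 \
#                             /etc/snort/snort.conf /var/log/snort/eth0
if [ $# -eq 4 ]; then
    fix_barnyard_opts "$1" && echo "init script: BARNYARD_OPTS uses -l"
    if spool_names_match "$3" "$2"; then
        echo "spool prefix OK: $(snort_unified2_prefix "$3")"
    else
        echo "spool prefix MISMATCH: snort writes '$(snort_unified2_prefix "$3")', barnyard expects '$(barnyard_log_file "$2")'"
    fi
    echo "pending spool files in $4: $(pending_spool_files "$4" "$(barnyard_log_file "$2")")"
fi
```

Run it once after the service start above; a growing "pending spool files" count while Barnyard2 is running means events are being written by Snort but not consumed, which usually points back at one of the two mismatches the script checks.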

Barnyard installation is complete. Snort is now running and Barnyard is writing its events to MySQL. We can now install a front-end application such as BASE or Snorby to view and analyze the Snort data in a convenient web application.

Here is a link to the Snorby installation guide.
Here is a link to the BASE installation guide.

Lahav Savir

Founder and CTO, Cloud Platforms
