Ben's notes

Link to this comparison view

--- snort_and_snorby [2014/05/09 21:42] – [Install and start Snorby] admin
+++ snort_and_snorby [2021/10/09 15:14] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
+{{tag>[security snort]}}
 =====Snort and Snorby=====
 This guide will help you install a Snort sensor and the Snorby web interface.
@@ Line 109: / Line 112: @@
 Create a sample rules file (eg. look at etc/barnyard2.conf)
 barnyard2 -?
+edit /usr/local/etc/barnyard2.conf
+config reference_file:      /usr/local/snort/etc/reference.config
+config classification_file: /usr/local/snort/etc/classification.config
+config gen_file:            /usr/local/snort/etc/gen-msg.map
+config sid_file:            /usr/local/snort/etc/sid-msg.map
+config logdir: /mnt/snort/log
+config hostname:   snort
+config interface:  eth1
+config daemon
+config waldo_file: /mnt/snort/bylog.waldo
+config archivedir: /mnt/snort/archive
+input unified2
+output alert_fast: /mnt/snort/log/barnyard2.alert
+output database: log, mysql, user=snort password=snortpass dbname=snorby host=snorby
+ln -s /etc/snort/gen-msg.map /usr/local/snort/etc
+/usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /mnt/snort/log -f snort_eth1.u2
 </code>