Ben's notes

Linux, Unix, network, radio...


snort_and_snorby

Differences

This shows you the differences between two versions of the page.

snort_and_snorby [2014/05/09 21:56] – [Install and start Snorby] adminsnort_and_snorby [2021/10/09 15:14] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +{{tag>[security snort]}}
 +
 +
 =====Snort and Snorby===== =====Snort and Snorby=====
 This guide will help you install a Snort sensor and the Snorby web interface. This guide will help you install a Snort sensor and the Snorby web interface.
Line 111: Line 114:
  
 edit /usr/local/etc/barnyard2.conf edit /usr/local/etc/barnyard2.conf
 +
 +config reference_file:      /usr/local/snort/etc/reference.config
 +config classification_file: /usr/local/snort/etc/classification.config
 +config gen_file:            /usr/local/snort/etc/gen-msg.map
 +config sid_file:            /usr/local/snort/etc/sid-msg.map
 +config logdir: /mnt/snort/log
 +config hostname:   snort
 +config interface:  eth1
 +config daemon
 +config waldo_file: /mnt/snort/bylog.waldo
 +config archivedir: /mnt/snort/archive
 +input unified2
 +output alert_fast: /mnt/snort/log/barnyard2.alert
 +output database: log, mysql, user=snort password=snortpass dbname=snorby host=snorby
 +
 +
 ln -s /etc/snort/gen-msg.map /usr/local/snort/etc ln -s /etc/snort/gen-msg.map /usr/local/snort/etc
-/usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /mnt/snort/log -f snort_eth1.u2 -w /mnt/snort/bylog.waldo+/usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /mnt/snort/log -f snort_eth1.u2
 </code> </code>
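Review bot: The added "output database" line puts the MySQL credentials in clear text (user=snort password=snortpass), both in /usr/local/etc/barnyard2.conf and in this published page. Show a placeholder for the password in the guide, and add a step that makes barnyard2.conf readable only by the account that runs barnyard2. It would also help to state that the snort database account needs access to the snorby database only. Two smaller points on the same block: the four map and config paths point at /usr/local/snort/etc, but the only symlink visible here is for gen-msg.map, so the guide should confirm that reference.config, classification.config and sid-msg.map exist there as well. Dropping -w from the barnyard2 command is consistent with the new "config waldo_file" line; -d /mnt/snort/log now duplicates "config logdir" and could be dropped the same way.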
snort_and_snorby.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1