Barnyard2 is a way to store and process the binary outputs from Snort into a MySQL database.
Before we begin
Please note that if you do not have Snort installed on your system, we have a guide for installing
Snort on Debian systems (https://www.vultr.com/docs/how-to-configure-snort-on-debian). You
must have Snort installed in order for this system to work.
https://www.vultr.com/docs/setup-barnyard-2-with-snort 1/5
2/5/2018 Setup Barnyard 2 With Snort - Vultr.com
Pre-install configuration
If you don't have MySQL installed you can install it with the following command,
If you don't have the network intrusion detection system (IDS) Snort installed and configured,
please consult the installation documentation
(https://www.vultr.com/docs/how-to-configure-snort-on-debian).
Setting up Barnyard2
In order to install Barnyard2 we need to grab the source from Barnyard2's GitHub page
(https://github.com/firnsy/barnyard2).
cd /usr/src
sudo git clone https://github.com/firnsy/barnyard2 barnyard_src
cd barnyard_src
Now that we have the source for barnyard we need to autoreconf barnyard.
Once that is finished, we have to make a symlink to the dumbnet library as dnet.
Because we essentially made a new system library we have to update the system's library cache.
This can be done by issuing the following command:
sudo ldconfig
This part is important because it depends on whether your system is a 64-bit system or a 32-bit
system.
If you are unsure whether your system is 64-bit or 32-bit, you can use either uname -m
or arch to find out.
cd /usr/src/barnyard_src
./configure --with-mysql --with-mysql-libraries=/usr/lib/YOUR-ARCH-HERE-linux-gnu
make
sudo make install
Copying configurations
In order to set up barnyard properly and let it work with our system we need to copy over our
configuration files. Also, please note, while I tested this I had to create the log directory for
barnyard2 otherwise running it would fail.
Now that our barnyard instance has been mostly set up we need to create and associate a
database with our setup.
mysql -u root -p
create database snort;
use snort;
source /usr/src/barnyard_src/schemas/create_mysql
CREATE USER 'snort'@'localhost' IDENTIFIED BY 'MYPASSWORD';
grant create, insert, select, delete, update on snort.* to snort@localhost;
exit;
In case you didn't happen to change the password in the above command, you can reset the
password by re-entering the mysql command and entering
At the very bottom of your /etc/snort/barnyard2.conf file add the following and edit the
password to what you set above.
For security purposes, we need to lock down our barnyard2.conf file because it contains your
database password in cleartext.
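One way to check and tighten those permissions, as an added example that is not part of the original guide: the helper functions below (names are hypothetical) flag a file that carries a password= setting while group or others can still access it, then strip those bits. The sample file and its output database line are constructed for the demo; on a real system the target would be /etc/snort/barnyard2.conf and the commands would need sudo.

```shell
#!/bin/sh
# Added example: audit a config file that stores a cleartext DB password.

# Print the six group/other permission characters from `ls -ld`
# ("r--r--" for mode 644, "------" for mode 600).
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Succeed if an uncommented line carries a password= setting.
holds_db_password() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*password=' "$1"
}

# Succeed only if group and others have no access at all.
is_locked_down() {
    [ "$(group_other_bits "$1")" = "------" ]
}

# Remove every group/other bit, then confirm the result.
lock_down() {
    chmod go-rwx -- "$1" && is_locked_down "$1"
}

# Print a verdict. Returns 0 = fine, 1 = exposed secret, 2 = file missing.
audit() {
    [ -f "$1" ] || { echo "MISSING $1"; return 2; }
    if holds_db_password "$1" && ! is_locked_down "$1"; then
        echo "EXPOSED $1 (group/other bits: $(group_other_bits "$1"))"
        return 1
    fi
    echo "OK $1"
}

# Demo on a constructed sample file (stand-in for /etc/snort/barnyard2.conf).
tmp=$(mktemp -d)
sample="$tmp/barnyard2.conf"
printf '%s\n' 'output database: log, mysql, user=snort password=CONSTRUCTED dbname=snort host=localhost' > "$sample"
chmod 644 "$sample"            # typical world-readable default
audit "$sample" || true        # reports EXPOSED
lock_down "$sample"
audit "$sample"                # reports OK
rm -rf "$tmp"
```

The file must stay readable by the account that runs barnyard2, so check its owner before removing group access.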
Testing
You can test Snort by having it run in alert mode using your config file.
Once Snort is running, open another terminal and ping that system's address. You should be able
to see the messages on your main terminal.
Now that you have some data in your snort logs, you should be able to test barnyard against it.
After starting barnyard, once "Waiting for new data" appears you can quit the application by
pressing Ctrl + C. Now check your MySQL database by logging back into the MySQL server
and selecting all from the event table in your snort database.
However, if the count is 0, you're probably pinging your system from a system that matches
a whitelisted IP. If that is the case, try pinging your system from outside your network, and make
sure that it is exposed to the outside world.
Congratulations, you now have a way to read and keep track of your detected intrusions.