##### snort.conf configuration change ##########################
Add the following two lines (in the output section):
#unified
output unified2: filename snort.log, limit 128
######## barnyard2 installation (64-bit) ########################################
cd /root/
copy barnyard2.tar.gz here
tar zxvf barnyard2-1.8.tar.gz
cd barnyard2-1.8
./configure --with-mysql-libraries=/usr/lib64/mysql/
make
make install
cp etc/barnyard2.conf /etc/snort/
mkdir /var/log/barnyard2
chmod 666 /var/log/barnyard2
touch /var/log/snort/barnyard2.waldo
chown snort:snort /var/log/snort/barnyard2.waldo
######## barnyard2 configuration edits #########################################
vi /etc/snort/barnyard2.conf
Uncomment the following lines:
config hostname: localhost
config interface: eth0
output database: log, mysql, user=snort password=ahslxj1234 dbname=snort host=localhost
######## Updating sid-msg.map ######################################
barnyard2's output does not include the event name (the rule's msg), so a mapping file has to be used.
Otherwise the event names will not be stored correctly in the DB.
Mapping file location: /etc/snort/sid-msg.map
The create-sidmap.pl script can be used to build the map from the latest rules (look it up).
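The point of the mapping file is that a unified2 record carries only the generator id, sid and rev, and barnyard2 looks the human-readable name up in sid-msg.map. The script below is an added example (not the post's own, and not create-sidmap.pl): it builds a v1-format "sid || msg" map straight from Snort rule files, skipping commented-out rules and rules without a msg, and sorts it by sid so the file is easy to diff after a rule update. The rule file in demo_sidmap is constructed for illustration.

```shell
#!/bin/sh
# Added example: generate /etc/snort/sid-msg.map (v1 format "sid || msg")
# from Snort rule files so barnyard2 can attach event names to DB records.

# gen_sidmap RULEFILE... : print one "sid || msg" line per active rule.
# Comment lines and rules lacking msg: or sid: are skipped.
gen_sidmap() {
    cat "$@" | awk '
        # only active rule lines (leading "#" means the rule is disabled)
        /^[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]/ {
            msg = ""; sid = ""
            if (match($0, "msg:[[:space:]]*\"[^\"]*\"")) {
                msg = substr($0, RSTART, RLENGTH)
                msg = substr(msg, index(msg, "\"") + 1)   # drop leading msg:"
                msg = substr(msg, 1, length(msg) - 1)     # drop trailing "
            }
            if (match($0, "sid:[[:space:]]*[0-9]+")) {
                sid = substr($0, RSTART + 4, RLENGTH - 4) # skip the "sid:" prefix
                gsub(/[[:space:]]/, "", sid)
            }
            if (msg != "" && sid != "") print sid " || " msg
        }' | sort -n
}

# demo_sidmap : run gen_sidmap over a constructed rule file (sample data, not
# from the page) and print the resulting map.
demo_sidmap() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample rules for the demo
alert tcp any any -> any 22 (msg:"SSH brute force attempt"; flow:to_server; sid:1000002; rev:1;)
# alert tcp any any -> any 23 (msg:"disabled telnet rule"; sid:1000003; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"ICMP ping sweep"; itype:8; sid:1000001; rev:2;)
alert tcp any any -> any 80 (content:"GET"; sid:1000004; rev:1;)
EOF
    gen_sidmap "$tmp"
    rm -f "$tmp"
}

# When run as a script with rule files as arguments, emit the map on stdout,
# e.g.  sh gen_sidmap.sh /etc/snort/rules/*.rules > /etc/snort/sid-msg.map
if [ "$#" -gt 0 ]; then
    gen_sidmap "$@"
fi
```

The demo yields only the two active rules that carry a msg (sids 1000001 and 1000002); the commented-out rule and the rule without a msg are dropped, which is exactly what you want, since a bare sid with no name would otherwise show up as an unnamed event in the DB. Restart barnyard2 after regenerating the file so it reloads the map.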
######## Running #########################################
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D
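Before starting the daemon it is worth confirming that every edit from the sections above actually landed: the unified2 output line in snort.conf, the three uncommented directives in barnyard2.conf, and the waldo bookmark file. The following pre-flight check is an added example, not part of the original post; it also warns when barnyard2.conf is world-readable, because that file holds the MySQL password in clear text. The config files in demo_check are constructed for the demo (with a placeholder password), not the page's own.

```shell
#!/bin/sh
# Added pre-flight check (not from the original post): verify the snort/barnyard2
# setup described above before launching barnyard2.
#
# check_barnyard_setup SNORT_CONF BARNYARD2_CONF WALDO_FILE
#   prints one line per problem and returns 1 if anything is missing, 0 otherwise.
check_barnyard_setup() {
    snort_conf=$1; by2_conf=$2; waldo=$3
    rc=0
    # snort must spool unified2 records, or barnyard2 has nothing to read
    grep -Eq '^[[:space:]]*output[[:space:]]+unified2:' "$snort_conf" \
        || { echo "missing active 'output unified2:' line in $snort_conf"; rc=1; }
    # the three directives uncommented in the post must be active
    for directive in 'config hostname:' 'config interface:' 'output database:'; do
        grep -Eq "^[[:space:]]*$directive" "$by2_conf" \
            || { echo "'$directive' missing or still commented out in $by2_conf"; rc=1; }
    done
    # the waldo file is barnyard2's bookmark into the spool; -w needs it to exist
    [ -f "$waldo" ] || { echo "waldo file $waldo does not exist"; rc=1; }
    # barnyard2.conf contains the DB password in clear text: warn if others can read it
    if [ -r "$by2_conf" ]; then
        perms=$(stat -c '%a' "$by2_conf" 2>/dev/null || stat -f '%Lp' "$by2_conf")
        case $perms in
            *[4567]) echo "warning: $by2_conf is world-readable (mode $perms)" >&2 ;;
        esac
    fi
    return $rc
}

# demo_check : run the check against a constructed good setup and a constructed
# broken one (directives still commented out, waldo file missing); the last
# line printed is "good=<rc> bad=<rc>".
demo_check() {
    dir=$(mktemp -d)
    printf 'output unified2: filename snort.log, limit 128\n' > "$dir/snort.conf"
    printf '%s\n' \
        'config hostname: localhost' \
        'config interface: eth0' \
        'output database: log, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost' \
        > "$dir/barnyard2.conf"
    printf '%s\n' \
        '#config hostname: localhost' \
        '#config interface: eth0' \
        '#output database: log, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost' \
        > "$dir/barnyard2.bad.conf"
    touch "$dir/barnyard2.waldo"
    if check_barnyard_setup "$dir/snort.conf" "$dir/barnyard2.conf" "$dir/barnyard2.waldo"; then
        good=0
    else
        good=1
    fi
    if check_barnyard_setup "$dir/snort.conf" "$dir/barnyard2.bad.conf" "$dir/missing.waldo"; then
        bad=0
    else
        bad=1
    fi
    rm -rf "$dir"
    echo "good=$good bad=$bad"
}
```

On a real host run it as `check_barnyard_setup /etc/snort/snort.conf /etc/snort/barnyard2.conf /var/log/snort/barnyard2.waldo` and only start barnyard2 with the command above once it returns 0; the world-readable warning is the cue to tighten the mode on barnyard2.conf so only the snort user can read the password.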
http://gsxbinary.blogspot.com/2010/07/snort-barnyard2-mysql-base-intro.html
http://blog.nielshorn.net/2010/09/snort-barnyard2-base-complete-installation/
Performance measured before and after running barnyard2:
Log records written per second increased
Drop rate decreased
Source: http://applicationlayer.tistory.com/292