본문 바로가기
  • AI (Artificial Intelligence)
Security/Barnyard

barnyard2 설치

by 로샤스 2014. 3. 31.
#####snort.conf 설정변경##########################
두줄추가 (output부분)
#unified
output unified2: filename snort.log, limit 128

########barnyard2 설치(64bit기준)########################################
cd /root/
barnyard2.tar.gz복사
tar zxvf barnyard2-1.8.tar.gz
cd barnyard2-1.8
./configure --with-mysql-libraries=/usr/lib64/mysql/
make
make install
cp etc/barnyard2.conf /etc/snort/
mkdir /var/log/barnyard2
chmod 666 /var/log/barnyard2
touch /var/log/snort/barnyard2.waldo
chown snort:snort /var/log/snort/barnyard2.waldo

########barnyard2 수정#########################################
vi /etc/snort/barnyard2.conf
주석해제
config hostname:        locahost
config interface:       eth0
output database: log, mysql, user=snort password=ahslxj1234 dbname=snort host=localhost

########sid-msg.map최신화######################################
barnyard의 output은 이벤트명을 포함하지 않기 때문에 매칭파일을 사용해야한다.
안그러면 DB에 이벤트명이 제대로 박히지 않는다.

매핑파일 위치: /etc/snort/sid-msg.map

create-sidmap.pl 스크립트를 이용하면 최신룰로 매칭할 수 있다.(검색ㄱㄱ)


########실행#########################################
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D

참고:
http://gsxbinary.blogspot.com/2010/07/snort-barnyard2-mysql-base-intro.html
http://blog.nielshorn.net/2010/09/snort-barnyard2-base-complete-installation/

 

barnyard2 실행 전후 퍼포먼스 측정

 

 초당 로그기록량 증가

 

드롭률 감소

 

 

 

 

 

 

출처 : http://applicationlayer.tistory.com/292

 

 

 

 

 

'Security > Barnyard' 카테고리의 다른 글

barnyard2 test based on ubuntu 13.04  (0) 2014.03.31
barnyard2 데몬 만들기  (0) 2014.03.31
barnyard2 syslog 설정  (0) 2014.03.31
Barnyard2 설치  (1) 2014.03.31
Barnyard 설치 & 설정  (0) 2014.03.31

댓글