# pkg install barnyard2    # not needed: barnyard2 is installed as a snort dependency
# mkdir /var/log/barnyard2
# cat /usr/local/etc/barnyard2.conf
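...
output alert_fwsam: 127.0.0.1:898/secret
(the text after "/" is the key shared with the SnortSam agent listening on that host and port; "secret" looks like a placeholder, so set your own key and restrict read access to this file)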
# cat /usr/local/etc/snort/snort.conf
...
output unified2: filename snort.log
...
# cat /usr/local/etc/sid-block.map
1256: src, 2 min
1000001: src, 2 min
# service snort stop
# rm /var/log/snort/*
# service snort start
# /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort/ -f snort.log
# cat /etc/rc.conf
...
barnyard2_enable=yes
barnyard2_flags="-D -d /var/log/snort/ -f snort.log"
# service barnyard2 start
# cat classification.config
...
config classification: web-application-attack,Web Application Attack,1
...