====== Сервис BARNYARD2 ======

  * [[https://github.com/firnsy/barnyard2/blob/master/doc/README.snortsam|barnyard2/doc/README.snortsam]]
  * [[https://github.com/firnsy/barnyard2/issues/127|snort generate logs，barnyard2 can not read records]]

===== Ubuntu =====

  * [[http://computer-outlines.over-blog.com/article-nids-snort-barnyard2-apache2-base-with-ubuntu-14-04-lts-123532107.html|SNORT / Barnyard2 / MySQL / BASE with Ubuntu 14.04 LTS]]

===== FreeBSD =====

  * [[http://www.itcooky.com/?p=3108|Установка на FreeBSD 9 системы анализа Snort и блокировки SnortSAM зловредного трафика!]]
<code>
# pkg install barnyard2 # no need, install as snort dependence

# mkdir /var/log/barnyard2

# cat /usr/local/etc/barnyard2.conf
</code><code>
...
output alert_fwsam: 127.0.0.1:898/secret
</code><code>
# cat /usr/local/etc/snort/snort.conf
</code><code>
...
output unified2: filename snort.log
...
</code><code>
# cat /usr/local/etc/sid-block.map
</code><code>
1256: src, 2 min
1000001: src, 2 min
</code><code>
# service snort stop

# rm /var/log/snort/*

# service snort start

# /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort/ -f snort.log

# cat /etc/rc.conf
</code><code>
...
barnyard2_enable=yes
barnyard2_flags="-D -d /var/log/snort/ -f snort.log"
</code><code>
# service barnyard2 start
</code>

==== Принцип отбора правил ====

<code>
# cat classification.config
</code><code>
...
config classification: web-application-attack,Web Application Attack,1
...
</code>