Netgate Discussion Forum

    Snort and Barnyard2

      lordarcane

      Okay, so, this is quite a noob question, I believe. ;D But I've had Snort running for quite a while on my firewall, and just recently upgraded Snort to the newest version and pfSense to 1.2.3.

      The GUI of the Snort package had changed with some new features, like barnyard2. Since I did not know what that was, I disabled it. I've searched the forum but cannot find any explanation of what it does, so I googled and, as I understand it, it is some sort of log analyzer for Snort.

      Though, as it is now, I don't get any block logs or anything from Snort. But it seems to be running.

      Do I need to enable it to get the logs working, or? Does barnyard2 have any more features?

        ColdFusion

        You do not need to enable it. Make sure the interface is enabled (green), and edit the Snort interface's preprocessor tab and check off the boxes.

          lordarcane

          Okay, so I need to tick some of the boxes to make Snort do any work at all? =)

          Which of them are sensible to mark for a standard safety setup?
          Performance Statistics
          Portscan Detection

          Or?

            jamesdean

            @lordarcane:

            Okay, so I need to tick some of the boxes to make Snort do any work at all? =)

            Which of them are sensible to mark for a standard safety setup?
            Performance Statistics
            Portscan Detection

            Or?

            Barnyard2 is fixed now in Snort pkg v. 1.25.

            James

              lordarcane

              Okay!

              Thanks for all the answers!

              But still, I need to tick some preprocessors to get Snort to start checking the traffic on my interface?

              //A

                goulou

                James, thank you very much for your hard work on Snort - awesome package!

                I've upgraded with each new version and am running Snort 2.8.5.3 pkg v. 1.25. Snort runs, but my one problem is Barnyard2, which is showing enabled but is not running due to MySQL. I do have MySQL enabled but forgot the original password required in the Barnyard tab. Restarting Snort shows this entry in the logs:

                barnyard2[32432]: fatal error: database: mysql_error: can't connect to local mysql server through socket '/tmp/mysql.sock

                I looked at the Snorby tutorial in the FAQ for Barnyard, but I know you said Barnyard is now fixed, so I'm not sure what to do to get Barnyard2 to turn green/enabled with my password issue. Any ideas?
