Snort 2.9 on CentOS 6.3 (continued) with Barnyard2

This is a continuation of the post on installing Snort 2.9 on CentOS 6.4 (http://nkush.blogspot.com.au/2013/03/snort-29-on-centos-63.html). This post installs Barnyard2 on the host. Barnyard is an output system for Snort. It effectively allows better Snort performance by enabling Snort to produce binary output, which is then processed by Barnyard. Barnyard processes the binary Snort output files (unified2 binary) and stores the processed data into a database back-end, for example MySQL. The advantage of using Barnyard instead of the database output from Snort is that Barnyard is able to “cache” the data in case the database is unavailable.


Installing Snort 2.9.1.2 on CentOS 5.7

CentOS 5.7 uses an older version of libpcap (0.9.4), but Snort’s Data Acquisition Library (daq) needs a newer version of libpcap (>=1.0.0). This is not an issue with CentOS 6.0. Vishesh Kumar [1] provides excellent instructions for getting Snort 2.9 to run on RHEL 5 (http://www.linuxmantra.com/2010/10/install-snort-29-on-rhel-5.html). The purpose of this post is not to duplicate his efforts, but to extend them slightly to include instructions for a complete Snort set-up.
