Customize barnyard.conf for use ONLY with sguil 0.6.0.

PR:		107965
Submitted by:	Paul Schmehl <pauls at utdallas.edu> (maintainer)
This commit is contained in:
Boris Samorodov 2007-01-16 17:48:38 +00:00
parent f991b7d6eb
commit a54c44d7a7
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=182529
2 changed files with 300 additions and 0 deletions


@ -0,0 +1,150 @@
--- etc/barnyard.conf.orig Sat May 1 11:43:29 2004
+++ etc/barnyard.conf Mon Jan 15 15:16:57 2007
@@ -1,139 +1,22 @@
#-------------------------------------------------------------
-# http://www.snort.org Barnyard 0.1.0 configuration file
+# http://www.snort.org Barnyard 0.2.0 configuration file
# Contact: snort-barnyard@lists.sourceforge.net
#-------------------------------------------------------------
# $Id: barnyard.conf,v 1.9 2004/05/01 16:43:29 andrewbaker Exp $
########################################################
-# Currently you want to do two things in here: turn on
-# available data processors and turn on output plugins.
-# The data processors (dp's) and output plugin's (op's)
-# automatically associate with each other by type and
-# are automatically selected at run time depending on
-# the type of file you try to load.
+# This config is to be used ONLY for barnyard-sguil6 and
+# will not work for other uses of barnyard such as base
+# because it is missing many of the configuration options
+# that are required for other uses. The requirements for
+# barnyard use with sguil 0.6.0 and above are minimal.
########################################################
# Step 1: configuration declarations
-# To keep from having a commandline that uses every letter in the alphabet
-# most configuration options are set here
-
-# enable daemon mode
-# config daemon
-
# use localtime instead of UTC (*not* recommended because of timewarps)
-#config localtime
-
-# set the hostname (currently only used for the acid db output plugin)
-config hostname: snorthost
-
-# set the interface name (currently only used for the acid db output plugin)
-config interface: fxp0
-
-# set the filter (currently only used for the acid db output plugin)
-config filter: not port 22
-
-# Step 2: setup the output plugins
-
-# alert_fast
-#-----------------------------
-# Converts data from the dp_alert plugin into an approximation of Snort's
-# "fast alert" mode. Argument: <filename>
-
-output alert_fast
-
-# log_dump
-#-----------------------------
-# Converts data from the dp_log plugin into an approximation of Snort's
-# "ASCII packet dump" mode. Argument: <filename>
-
-output log_dump
-
-# alert_csv (experimental)
-#---------------------------
-# Creates a CSV output file of alerts (optionally using a user specified format)
-# Arguments: filepath [format]
-#
-# The format is a comma-seperated list of fields to output (no spaces allowed)
-# The available fields are:
-# sig_gen - signature generator
-# sig_id - signature id
-# sig_rev - signatrue revision
-# sid - SID triplet
-# class - class id
-# classname - textual name of class
-# priority - priority id
-# event_id - event id
-# event_reference - event reference
-# ref_tv_sec - reference seconds
-# ref_tv_usec - reference microseconds
-# tv_sec - event seconds
-# tv_usec - event microseconds
-# timestamp - prettified timestamp (2001-01-01 01:02:03) in UTC
-# src - src address as a u_int32_t
-# srcip - src address as a dotted quad
-# dst - dst address as a u_int32_t
-# dstip - dst address as a dotted quad
-# sport_itype - source port or ICMP type (or 0)
-# sport - source port (if UDP or TCP)
-# itype - ICMP type (if ICMP)
-# dport_icode - dest port or ICMP code (or 0)
-# dport - dest port
-# icode - ICMP code (if ICMP)
-# proto - protocol number
-# protoname - protocol name
-# flags - flags from UnifiedAlertRecord
-# msg - message text
-# hostname - hostname (from barnyard.conf)
-# interface - interface (from barnyard.conf)
-#
-# Examples:
-# output alert_csv: /var/log/snort/csv.out
-# output alert_csv: /var/log/snort/csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode
-# output alert_csv: csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode
-
-
-# alert_syslog
-#-----------------------------
-# Converts data from the alert stream into an approximation of Snort's
-# syslog alert output plugin. Same arguments as the output plugin in snort.
-
-#output alert_syslog
-
-# alert_syslog2
-#-------------------------------
-# Generates a syslog alert. This supports considerably more features than
-# the original syslog output plugin.
-#
-# output alert_syslog2
+# config localtime
-# log_pcap
-#-----------------------------
-# Converts data from the dp_log plugin into standard pcap format
-# Argument: <filename>
-
-#output log_pcap
-
-# acid_db
-#-------------------------------
-# Available as both a log and alert output plugin. Used to output data into
-# the db schema used by ACID
-# Arguments:
-# $db_flavor - what flavor of database (ie, mysql)
-# sensor_id $sensor_id - integer sensor id to insert data as
-# database $database - name of the database
-# server $server - server the database is located on
-# user $user - username to connect to the database as
-# password $password - password for database authentication
-# output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root
-# output log_acid_db: mysql, database snort, server localhost, user root, detail full
-
# sguil
-#----
# This output plug-in is used to generate output for use with the SGUIL user
# interface. To learn more about SGUIL, go to http://sguil.sourceforge.net
#
-#output sguil: mysql, sensor_id 0, database sguildb, server syn, user root,\
-# password dbpasswd, sguild_host syn, sguild_port 7736
-
-
-
-
+output sguil
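Review bot: The hunk ends with a bare `output sguil` and removes the only comment that showed the plugin's argument form, so someone reading the installed file can no longer tell which sguild host and port the sensor will report to, or how to change them. Dropping the old example is otherwise an improvement, since it carried `user root` and an inline `password` that do not belong in a shipped config; the gap is documentation, not the removal. I would add, above the output line, `# No arguments: the plugin defaults for sguild host/port apply (confirm against your sguild before enabling)`, and, if the 0.2.0 plugin still accepts `sguild_host`/`sguild_port` as the removed example did (I cannot tell from this hunk), a commented example with a placeholder hostname and no credentials. The second file section below is byte-identical and the same comment applies there.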


@ -0,0 +1,150 @@
--- etc/barnyard.conf.orig Sat May 1 11:43:29 2004
+++ etc/barnyard.conf Mon Jan 15 15:16:57 2007
@@ -1,139 +1,22 @@
#-------------------------------------------------------------
-# http://www.snort.org Barnyard 0.1.0 configuration file
+# http://www.snort.org Barnyard 0.2.0 configuration file
# Contact: snort-barnyard@lists.sourceforge.net
#-------------------------------------------------------------
# $Id: barnyard.conf,v 1.9 2004/05/01 16:43:29 andrewbaker Exp $
########################################################
-# Currently you want to do two things in here: turn on
-# available data processors and turn on output plugins.
-# The data processors (dp's) and output plugin's (op's)
-# automatically associate with each other by type and
-# are automatically selected at run time depending on
-# the type of file you try to load.
+# This config is to be used ONLY for barnyard-sguil6 and
+# will not work for other uses of barnyard such as base
+# because it is missing many of the configuration options
+# that are required for other uses. The requirements for
+# barnyard use with sguil 0.6.0 and above are minimal.
########################################################
# Step 1: configuration declarations
-# To keep from having a commandline that uses every letter in the alphabet
-# most configuration options are set here
-
-# enable daemon mode
-# config daemon
-
# use localtime instead of UTC (*not* recommended because of timewarps)
-#config localtime
-
-# set the hostname (currently only used for the acid db output plugin)
-config hostname: snorthost
-
-# set the interface name (currently only used for the acid db output plugin)
-config interface: fxp0
-
-# set the filter (currently only used for the acid db output plugin)
-config filter: not port 22
-
-# Step 2: setup the output plugins
-
-# alert_fast
-#-----------------------------
-# Converts data from the dp_alert plugin into an approximation of Snort's
-# "fast alert" mode. Argument: <filename>
-
-output alert_fast
-
-# log_dump
-#-----------------------------
-# Converts data from the dp_log plugin into an approximation of Snort's
-# "ASCII packet dump" mode. Argument: <filename>
-
-output log_dump
-
-# alert_csv (experimental)
-#---------------------------
-# Creates a CSV output file of alerts (optionally using a user specified format)
-# Arguments: filepath [format]
-#
-# The format is a comma-seperated list of fields to output (no spaces allowed)
-# The available fields are:
-# sig_gen - signature generator
-# sig_id - signature id
-# sig_rev - signatrue revision
-# sid - SID triplet
-# class - class id
-# classname - textual name of class
-# priority - priority id
-# event_id - event id
-# event_reference - event reference
-# ref_tv_sec - reference seconds
-# ref_tv_usec - reference microseconds
-# tv_sec - event seconds
-# tv_usec - event microseconds
-# timestamp - prettified timestamp (2001-01-01 01:02:03) in UTC
-# src - src address as a u_int32_t
-# srcip - src address as a dotted quad
-# dst - dst address as a u_int32_t
-# dstip - dst address as a dotted quad
-# sport_itype - source port or ICMP type (or 0)
-# sport - source port (if UDP or TCP)
-# itype - ICMP type (if ICMP)
-# dport_icode - dest port or ICMP code (or 0)
-# dport - dest port
-# icode - ICMP code (if ICMP)
-# proto - protocol number
-# protoname - protocol name
-# flags - flags from UnifiedAlertRecord
-# msg - message text
-# hostname - hostname (from barnyard.conf)
-# interface - interface (from barnyard.conf)
-#
-# Examples:
-# output alert_csv: /var/log/snort/csv.out
-# output alert_csv: /var/log/snort/csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode
-# output alert_csv: csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode
-
-
-# alert_syslog
-#-----------------------------
-# Converts data from the alert stream into an approximation of Snort's
-# syslog alert output plugin. Same arguments as the output plugin in snort.
-
-#output alert_syslog
-
-# alert_syslog2
-#-------------------------------
-# Generates a syslog alert. This supports considerably more features than
-# the original syslog output plugin.
-#
-# output alert_syslog2
+# config localtime
-# log_pcap
-#-----------------------------
-# Converts data from the dp_log plugin into standard pcap format
-# Argument: <filename>
-
-#output log_pcap
-
-# acid_db
-#-------------------------------
-# Available as both a log and alert output plugin. Used to output data into
-# the db schema used by ACID
-# Arguments:
-# $db_flavor - what flavor of database (ie, mysql)
-# sensor_id $sensor_id - integer sensor id to insert data as
-# database $database - name of the database
-# server $server - server the database is located on
-# user $user - username to connect to the database as
-# password $password - password for database authentication
-# output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root
-# output log_acid_db: mysql, database snort, server localhost, user root, detail full
-
# sguil
-#----
# This output plug-in is used to generate output for use with the SGUIL user
# interface. To learn more about SGUIL, go to http://sguil.sourceforge.net
#
-#output sguil: mysql, sensor_id 0, database sguildb, server syn, user root,\
-# password dbpasswd, sguild_host syn, sguild_port 7736
-
-
-
-
+output sguil