The guide explains everything you need to do for building Barnyard2 from source. It’s written for Ubuntu 12.04. Barnyard2 reads unified2 logs produced by SNORT®. It sends those logs to MySQL. Note that I’m using a dedicated build machine to compile the source as I don’t want to install development files and compilers on the machine that is running Snort®. In my previous post, I’ve explained how to install snort® and how to keep the rules up-to-date.
Install required tools
A default install of Ubuntu doesn’t include of the tools that you need to starting creating your own packages. This installs the essentials to get you starting.
# apt-get install build-essential libtool autoconf git
And also install the dependencies.
# apt-get install libpcap-dev libmysqld-dev libprelude-dev
Since I want to have the most recent version available, I’m using git to pul the latest snapshot.
$ git clone git://github.com/firnsy/barnyard2.git
The next steps will create the makefile that are necessary before you can start building Barnyard2 from source.
$ cd barnyard2 $ ./autogen.sh $ ./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu --enable-ipv6 --enable-prelude --prefix=$HOME/barnyard2-install
Note that I’m compiling for a 64bit system. For 32bit installs, replace “x86_64” with “i386”. You have to look at the output of the ‘configure’ command to make sure it didn’t stop with an error. Possible reasons for giving an error are missing build tools or development libraries. You can also see that I want to have support for IPv6 and output to Prelude and MySQL.
Building Barnyard2 from source
The next step will start the actual build process.
$ make $ mkdir $HOME/barnyard2-install $ make install $ find $HOME/barnyard2-install /home/thomas/barnyard2-install /home/thomas/barnyard2-install/bin /home/thomas/barnyard2-install/bin/barnyard2 /home/thomas/barnyard2-install/etc /home/thomas/barnyard2-install/etc/barnyard2.conf
In my next post, I’ll explain how to install, configure and run barnyard2 on the IDS sensor.
This page is part of a series about a complete installation and configuration of Snort.
Snort is a registered trademark of Sourcefire, Inc.