Building Barnyard2 from source

The guide explains everything you need to do for building Barnyard2 from source. It’s written for Ubuntu 12.04. Barnyard2 reads unified2 logs produced by SNORT®. It sends those logs to MySQL. Note that I’m using a dedicated build machine to compile the source as I don’t want to install development files and compilers on the machine that is running Snort®. In my previous post, I’ve explained how to install snort® and how to keep the rules up-to-date.

Install required tools

A default install of Ubuntu doesn’t include of the tools that you need to starting creating your own packages. This installs the essentials to get you starting.

# apt-get install build-essential libtool autoconf git

And also install the dependencies.

# apt-get install libpcap-dev libmysqld-dev libprelude-dev

Download source

Since I want to have the most recent version available, I’m using git to pul the latest snapshot.

$ git clone git://github.com/firnsy/barnyard2.git

Creating Makefiles

The next steps will create the makefile that are necessary before you can start building Barnyard2 from source.

$ cd barnyard2
$ ./autogen.sh
$ ./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu --enable-ipv6 --enable-prelude --prefix=$HOME/barnyard2-install

Note that I’m compiling for a 64bit system. For 32bit installs, replace “x86_64” with “i386”. You have to look at the output of the ‘configure’ command to make sure it didn’t stop with an error. Possible reasons for giving an error are missing build tools or development libraries. You can also see that I want to have support for IPv6 and output to Prelude and MySQL.

Building Barnyard2 from source

The next step will start the actual build process.

$ make
$ mkdir $HOME/barnyard2-install
$ make install
$ find $HOME/barnyard2-install

In my next post, I’ll explain how to install, configure and run barnyard2 on the IDS sensor.
This page is part of a series about a complete installation and configuration of Snort.
