Diffstat (limited to 'security/barnyard-sguil/files/patch-barnyard.conf')
-rw-r--r-- | security/barnyard-sguil/files/patch-barnyard.conf | 150 |
1 files changed, 0 insertions, 150 deletions
diff --git a/security/barnyard-sguil/files/patch-barnyard.conf b/security/barnyard-sguil/files/patch-barnyard.conf
deleted file mode 100644
index cd1038bdd608..000000000000
--- a/security/barnyard-sguil/files/patch-barnyard.conf
+++ /dev/null
@@ -1,150 +0,0 @@
--- etc/barnyard.conf.orig Sat May 1 11:43:29 2004
-+++ etc/barnyard.conf Mon Jan 15 15:16:57 2007
-@@ -1,139 +1,22 @@
- #-------------------------------------------------------------
--# http://www.snort.org Barnyard 0.1.0 configuration file
-+# http://www.snort.org Barnyard 0.2.0 configuration file
- # Contact: snort-barnyard@lists.sourceforge.net
- #-------------------------------------------------------------
- # $Id: barnyard.conf,v 1.9 2004/05/01 16:43:29 andrewbaker Exp $
- ########################################################
--# Currently you want to do two things in here: turn on
--# available data processors and turn on output plugins.
--# The data processors (dp's) and output plugin's (op's)
--# automatically associate with each other by type and
--# are automatically selected at run time depending on
--# the type of file you try to load.
-+# This config is to be used ONLY for barnyard-sguil6 and
-+# will not work for other uses of barnyard such as base
-+# because it is missing many of the configuration options
-+# that are required for other uses. The requirements for
-+# barnyard use with sguil 0.6.0 and above are minimal.
- ########################################################
- 
- # Step 1: configuration declarations
--# To keep from having a commandline that uses every letter in the alphabet
--# most configuration options are set here
--
--# enable daemon mode
--# config daemon
--
- # use localtime instead of UTC (*not* recommended because of timewarps)
--#config localtime
--
--# set the hostname (currently only used for the acid db output plugin)
--config hostname: snorthost
--
--# set the interface name (currently only used for the acid db output plugin)
--config interface: fxp0
--
--# set the filter (currently only used for the acid db output plugin)
--config filter: not port 22
--
--# Step 2: setup the output plugins
--
--# alert_fast
--#-----------------------------
--# Converts data from the dp_alert plugin into an approximation of Snort's
--# "fast alert" mode. Argument: <filename>
--
--output alert_fast
--
--# log_dump
--#-----------------------------
--# Converts data from the dp_log plugin into an approximation of Snort's
--# "ASCII packet dump" mode. Argument: <filename>
--
--output log_dump
--
--# alert_csv (experimental)
--#---------------------------
--# Creates a CSV output file of alerts (optionally using a user specified format)
--# Arguments: filepath [format]
--#
--# The format is a comma-seperated list of fields to output (no spaces allowed)
--# The available fields are:
--# sig_gen - signature generator
--# sig_id - signature id
--# sig_rev - signatrue revision
--# sid - SID triplet
--# class - class id
--# classname - textual name of class
--# priority - priority id
--# event_id - event id
--# event_reference - event reference
--# ref_tv_sec - reference seconds
--# ref_tv_usec - reference microseconds
--# tv_sec - event seconds
--# tv_usec - event microseconds
--# timestamp - prettified timestamp (2001-01-01 01:02:03) in UTC
--# src - src address as a u_int32_t
--# srcip - src address as a dotted quad
--# dst - dst address as a u_int32_t
--# dstip - dst address as a dotted quad
--# sport_itype - source port or ICMP type (or 0)
--# sport - source port (if UDP or TCP)
--# itype - ICMP type (if ICMP)
--# dport_icode - dest port or ICMP code (or 0)
--# dport - dest port
--# icode - ICMP code (if ICMP)
--# proto - protocol number
--# protoname - protocol name
--# flags - flags from UnifiedAlertRecord
--# msg - message text
--# hostname - hostname (from barnyard.conf)
--# interface - interface (from barnyard.conf)
--#
--# Examples:
--# output alert_csv: /var/log/snort/csv.out
--# output alert_csv: /var/log/snort/csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode
--# output alert_csv: csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode
--
--
--# alert_syslog
--#-----------------------------
--# Converts data from the alert stream into an approximation of Snort's
--# syslog alert output plugin. Same arguments as the output plugin in snort.
--
--#output alert_syslog
--
--# alert_syslog2
--#-------------------------------
--# Generates a syslog alert. This supports considerably more features than
--# the original syslog output plugin.
--#
--# output alert_syslog2
-+# config localtime
- 
--# log_pcap
--#-----------------------------
--# Converts data from the dp_log plugin into standard pcap format
--# Argument: <filename>
--
--#output log_pcap
--
--# acid_db
--#-------------------------------
--# Available as both a log and alert output plugin. Used to output data into
--# the db schema used by ACID
--# Arguments:
--# $db_flavor - what flavor of database (ie, mysql)
--# sensor_id $sensor_id - integer sensor id to insert data as
--# database $database - name of the database
--# server $server - server the database is located on
--# user $user - username to connect to the database as
--# password $password - password for database authentication
--# output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root
--# output log_acid_db: mysql, database snort, server localhost, user root, detail full
--
- # sguil
--#----
- # This output plug-in is used to generate output for use with the SGUIL user
- # interface. To learn more about SGUIL, go to http://sguil.sourceforge.net
- #
--#output sguil: mysql, sensor_id 0, database sguildb, server syn, user root,\
--# password dbpasswd, sguild_host syn, sguild_port 7736
--
--
--
--
-+output sguil |