Barnyard2 – Dedicated Spooler for Snort Output

barnyard2 [options]

    Gernal Options:

        c <file>  Use configuration file <file>

        C <file>  Read the classification map from <file>

        D         Run barnyard2 in background (daemon) mode

        e         Display the second layer header info

        E         Log alert messages to NT Eventlog. (Win32 only)

        F         Turn off fflush() calls after binary log writes

        g <gname> Run barnyard2 gid as <gname> group (or gid) after initialization

        G <file>  Read the genmsg map from <file>

        h <name>  Define the hostname <name>. For logging purposes only

        i <if>    Define the interface <if>. For logging purposes only

        I         Add Interface name to alert output

        l <ld>    Log to directory <ld>

        m <umask> Set umask = <umask>

        O         Obfuscate the logged IP addresses

        q         Quiet. Don‘t show banner and status report

        -r <id>    Include ‘idin barnyard2_intf<id>.pid file name

        R <file>  Read the reference map from <file>

        S <file>  Read the sidmsg map from <file>

        t <dir>   Chroots process to <dir> after initialization

        T         Test and report on the current barnyard2 configuration

        u <uname> Run barnyard2 uid as <uname> user (or uid) after initialization

        U         Use UTC for timestamps

        v         Be verbose

        V         Show version number

        ?         Show this information

    Continual Processing Options:

        a <dir>   Archive processed files to <dir>

        f <base>  Use <base> as the base filename pattern

        d <dir>   Spool files from <dir>

        n         Only process new events

        w <file>  Enable bookmarking using <file>

    Batch Processing Mode Options:

        o         Enable batch processing mode

Leave a Reply