Installing and configuring Barnyard is relatively straightforward. Barnyard was designed to have limited but powerful functionality. It is intended to perform only one function, and do it very well: the generation of alerts from Snort intrusion data. Barnyard has no planned features beyond processing alerts stored in the Snort Unified format.
Barnyard has three basic modes of operation:
One-shot
Continual
Continual with checkpointing
One-shot mode is used to process a Snort unified file in a single run. Barnyard processes the file, generates alerts, and then exits. When Barnyard is set in continual mode, it starts with a file and continuously processes data as it is created by Snort. ...