Barnyard2 (http://www.securixlive.com/barnyard2/index.php) is the successor of net-analyzer/barnyard, which has not been maintained since at least mid-2004. Barnyard2 aims at improving barnyard itself, while also supporting the unified2 output format (available from >snort-2.8) and many more output plugins. I have taken the barnyard ebuild and modified it accordingly.
For version 1.6 (which is the current stable) I had to write a patch (already filed to upstream for inclusion in 1.7) to fix compilation issues. There are a lot of warnings when compiling with gcc-4.3 and the devs are already working on it.
Barnyard2 also supports privilege dropping. I've defaulted to snort:snort in the default config file to allow access to snort logs (with the default configuration).
Currently the only true problem is that when daemonized it doesn't stop when asked to: "rc-config stop barnyard2" says "ok", but then issuing "rc-config start barnyard2" fails with an error ("cannot start barnyard2"), and pgrep shows barnyard2 is still running. I'll file the link to this bug to the devs to help the bug-hunting process.
Due to the current problems I'd suggest hardmasking until 1.7 is out.
I'm attaching the ebuild, the compile fix and the two rc-files.
Created attachment 199090 [details]
Created attachment 199091 [details, diff]
fix compile issue for 1.6
Created attachment 199092 [details]
barnyard2 default /etc/conf.d/ file
Created attachment 199094 [details]
barnyard2 default rc script
not tested with sguil
Created attachment 212443 [details]
ebuild for 1.7
I just created a somewhat cleaned up version for this ebuild, packed up in a tarball to make life easier.
Please see Bug #307783 for an updated and fully working ebuild.
+ 16 Mar 2010; Patrick Lauer <firstname.lastname@example.org> +files/barnyard2.confd,
+ +files/barnyard2.initd, +barnyard2-1.8.ebuild, +metadata.xml:
+ Initial import. Ebuild by Jason Wallace based on work by Fabio
+ Scaccabarozzi and Han Boetes . Closes #279019 and #307783
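Review bot: the entry imports "+files/barnyard2.initd" and closes #279019, but it does not say whether the stop failure reported in this bug is resolved (stop reports "ok" while pgrep still shows barnyard2 running and a later start fails). Suggest confirming that the imported init script actually terminates the daemonized process before closing, and saying so in the entry. Minor style point on the last line: there is a stray space before the period after "Han Boetes" and no period after "#307783".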