11:54 24/01/2008

Undocumented config options for barnyard

Barnyard is a very handy tool that exports snort binary "unified" logs to a variety of other formats, such as syslog, csv or mysql. A barnyard command usually looks like this:

droopy$ barnyard -d /var/log/snort/eth3 \
-s /etc/snort/sid-msg.map \
-g /etc/snort/gen-msg.map \
-p /etc/snort/classification.config \
-c /etc/snort/barnyard.eth3.conf \
-w /var/log/snort/eth3/waldo.chk \
-f snort.log \
-X /var/log/snort/eth3/barnyard.pid \
-D

I found there are three undocumented options that can be added to barnyard.conf:

...
config sid-msg-map: /etc/snort/sid-msg.map
config gen-msg-map: /etc/snort/gen-msg.map
config class-file: /etc/snort/classification.config
...

which will shorten your command quite considerably. That's especially useful when testing commands with the -R flag.
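As an added example (not part of the original post), here is a small Python helper that parses the "config key: value" lines of a barnyard.conf and strips the now-redundant -s/-g/-p flags from a command line, reporting any path that disagrees with the config. The sample config and command are constructed to mirror the ones above; since the page does not say whether the command line or the config file wins on a conflict, conflicting flags are kept and reported rather than dropped.

```python
"""Trim a barnyard command line by dropping the flags that barnyard.conf
already supplies through the three config options named on this page."""
import re
import shlex

# Command-line flag -> barnyard.conf option (the three options from the post).
FLAG_TO_CONFIG = {"-s": "sid-msg-map", "-g": "gen-msg-map", "-p": "class-file"}

CONFIG_LINE = re.compile(r"^\s*config\s+([A-Za-z0-9_-]+)\s*:\s*(.*?)\s*$")

def parse_config(text):
    """Return {key: value} for every 'config key: value' line; blank lines,
    '#' comments and lines without a colon (e.g. output plugins) are skipped."""
    options = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = CONFIG_LINE.match(line)
        if m:
            options[m.group(1)] = m.group(2)
    return options

def shorten_command(argv, options):
    """Drop -s/-g/-p plus argument when the config sets the same path.
    If config and flag disagree, keep the flag and record the conflict."""
    kept, conflicts = [], []
    i = 0
    while i < len(argv):
        flag = argv[i]
        key = FLAG_TO_CONFIG.get(flag)
        if key and i + 1 < len(argv):
            value = argv[i + 1]
            if options.get(key) == value:
                i += 2              # redundant: the config already provides it
                continue
            if key in options:
                conflicts.append((flag, value, options[key]))
            kept.extend([flag, value])
            i += 2
            continue
        kept.append(flag)
        i += 1
    return kept, conflicts

# Constructed sample config and command, mirroring the post's example.
SAMPLE_CONF = """\
# barnyard.eth3.conf (constructed sample)
config sid-msg-map: /etc/snort/sid-msg.map
config gen-msg-map: /etc/snort/gen-msg.map
config class-file: /etc/snort/classification.config
"""
SAMPLE_CMD = shlex.split(
    "barnyard -d /var/log/snort/eth3 -s /etc/snort/sid-msg.map "
    "-g /etc/snort/gen-msg.map -p /etc/snort/classification.config "
    "-c /etc/snort/barnyard.eth3.conf -w /var/log/snort/eth3/waldo.chk "
    "-f snort.log -X /var/log/snort/eth3/barnyard.pid -D")

if __name__ == "__main__":
    shorter, conflicts = shorten_command(SAMPLE_CMD, parse_config(SAMPLE_CONF))
    print(" ".join(shorter))
    for flag, cli, conf in conflicts:
        print(f"warning: {flag} {cli} differs from config value {conf}")
```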
