Saturday , March 17 2018
Home / Information Security / Installing Snorby on Ubuntu for Snort with Barnyard2

Installing Snorby on Ubuntu for Snort with Barnyard2

Print Friendly

In this guide, I’ll go through installation and Configuration of Snorby as a front-end of Snort IDS. Before this, Snort must be installed and configured. If that’s not done yet, please follow following link:

– Install and Configure Snort HIDS with Barnyard2, Base & MySQL on Ubuntu

Installing Snort Sensor on Windows Host with Remote Snort +MySQL using WinIDS

Let us start installation of Snorby, first Pre-requisites:


Update OS First:

# apt-get update
# apt-get upgrade

Installing Required Pre-Requisites:

# apt-get install mysql-server apache2 libyaml-dev git-core default-jre imagemagick libmagickwand-dev wkhtmltopdf gcc g++ build-essential libssl-dev libreadline-gplv2-dev zlib1g-dev linux-headers-generic libsqlite3-dev libxslt1-dev libxml2-dev libmysqlclient-dev libmysql++-dev apache2-prefork-dev libcurl4-openssl-dev -y

Install Ruby & Its addons:

# apt-get install ruby1.9.3 ruby-text-format
# gem install bundler
# gem install rails
# gem install rake –version=0.9.2

Install Snorby:

# cd /var/www/
# git clone
# cd /var/www/snorby/config/
# cp database.yml.example database.yml
# cp snorby_config.yml.example snorby_config.yml
# sed -i s/”\/usr\/local\/bin\/wkhtmltopdf”/”\/usr\/bin\/wkhtmltopdf”/g /var/www/snorby/config/snorby_config.yml

Configure snorby database username and password:

# vim /var/www/snorby/cofig/database.yml

Edit the settings to match your MySQL installation, in my network, it is given below as an example:

4 - SnorbyConfig

# cd /var/www/snorby/
# bundle install –deployment
# rake snorby:setup

Setup Apache:

Setup Apache to work with Snorby. First we need to install required module of Apache:

# gem install passenger
# passenger-install-apache2-module

5 - InstallPessenger



6 - InstallPessengerApache2Module



Copy the lines provided at the end of the installation script in Apache config file.

# vim /etc/apache2/apache2.conf

The lines should look something like this at the end of the file

# Include of directories ignores editors’ and dpkg’s backup files,
# see README.Debian for details.
LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-3.0.18/ext/apache2/
PassengerRoot /var/lib/gems/1.9.1/gems/passenger-3.0.18
PassengerRuby /usr/bin/ruby1.9.1

# Include generic snippets of statements
Include conf.d/

# Include the virtual host configurations:
Include sites-enabled/

Now add the website as follows:

# vim /etc/apache2/sites-available/snorby

Add the following lines (change the ServerAdmin and Servername to something of your choice):

<VirtualHost *:80>
ServerAdmin snorby@localhost
ServerName snorby.localnet
DocumentRoot /var/www/snorby/public

<Directory “/var/www/snorby/public”>
AllowOverride all
Order deny,allow
Allow from all
Options -MultiViews

7 - ApacheConfigSnorby

Enable the new website and disable the default site:

# a2dissite default
# a2ensite snorby
# service apache2 reload

Browse to the new website at:  http://snorby.localnet (in my example) and login with the following default credentials:

Note:  For this, we need to add DNS host entry to either DNS Server (if have access to), or else to hosts file.


Password:       snorby

You should see a page that looks something like this:

8 - Snorby Frontend

About Muhammad Attique

  • jonatan nilsson

    sudo rake snorby:setup
    Gem::LoadError: You have already activated rake 10.4.2, but your Gemfile requires rake 0.9.2. Prepending `bundle exec` to your command may solve this.

    Please tell me how to solve this. I have tried bundle update and bundle exec but no luck ;/

  • Muhammad Attique

    first remove currently installed rake version by:

    # gem uninstall rake -v 10.4.2

    check if this works, if not, install rake with command:

    # gem install rake -v 0.9.2

    it should fix the version issue.


    I want sudo service apache2 restart

    apache2: Syntax error on line 234 of /etc/apache2/apache2.conf: Cannot load /var/lib/gems/1.9.1

    /gems/passenger-5.0.13/ext/apache2/ into server: /var/lib/gems/1.9.1

    /gems/passenger-5.0.13/ext/apache2/ invalid ELF header


    How can I fix it

  • Muhammad Attique

    Try installing perl-apache2 module by:

    # sudo passenger-install-apache2-module

    Then restart Apache2 again.


    Submitting Credentials, Pleas Wait… is continue how can I fix?

  • Muhammad Attique

    Sorry, I could not understand, where are you facing this error at.? Can you please give more details or better if screenshot.?


    Thank you veryvery much it solved can i ask someting more?

  • Muhammad Attique

    Glad to know it helped. Yes, sure please ask…

  • Neil Singer

    rake snorby:setup generates error: “/usr/bin/env: ruby: Permission denied” . Any ideas, Muhammad? [Running Ubuntu 14.04] Thanks

  • Muhammad Attique

    are you executing command with “sudo” in the beginning. normally Permission Denied error is faced due to limited permissions on ubuntu/debian hosts’ users and they need to execute every system level command with “sudo” in the beginning.

  • Neil Singer

    Yes. Executing with sudo.

  • Muhammad Attique

    Execute this command first:

    # chown -R apache:apache /var/www/html/snorby

    then execute

    # rake snorby:setup

    else, install snorby bundle first.

    # sudo bundle exec rake snorby:setup

  • Style Stylex

    Thx bro just wondering after snorby been installed does it need any rules or any thing? I installed snorby in my Kali machine it does not start until I run sudo service mysql restart and sudo service apache2 restart and when it start all the default values are 0. I don’t know if I need to play with administration or events?

  • Muhammad Attique

    Hi, You are welcome.
    No further configuration required for auto-start of Snorby. You may need to verify that apache and mysql both are started and executed fine on every start by hosting a test website.

  • Style Stylex

    Thank you for reply, what do u mean by hosting a test website? Do you mean I should set up a host website?

  • Muhammad Attique

    Yes, just like you’ve hosted Snorby in Apache along with MySQL DB, I’m asking you to host another website to test if Apache & MySQL are working fine and issue is with Snorby only.

  • vonDassendorf

    Hi! Thx for this guide. I’m having problems installing rake. I get this error:
    ERROR: While executing gem … (URI::InvalidURIError)
    URI must be ascii only “?gems=u{2013}version=0.9.2”

    I’ve been googling but can’t find any solution that works.

    I tried to do the next step and then I got the following error while running:
    sed -i s/”/usr/local/bin/wkhtmltopdf”/”/usr/bin/wkhtmltopdf”/g’ /var/www/snorby/config/snorby_config.yml

    sed: -e expression #1, char 11: unknown option to `s’

    I can’t find any solutions for these problems and would appretiate if someone know how to fix this!

  • Muhammad Attique

    Which version of Rake are you using/installed ?

    Try to uninstall Rake with following command:

    # gem uninstall rake

    Now install rake with command:

    # gem install rake -v 0.9.2

    it should fix the issue.