Snort mailing list archives

RE: barnyard to db

From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 4 Oct 2001 09:05:56 -0700 (PDT)

On Thu, 4 Oct 2001, Frank Reid wrote:

I'm confused on barnyard.  From mailing list discussion and docs, I
presume it rolls up the Snort binary output and performs the database
insertions directly (rather than having Snort insert "real-time" into
the database via the output preprocessor).  Is that's correct, then is
it of most value if Snort and the database live on the same box?  In a
distributed Snort sensor environment, one would have to "collect" the
Snort output by some other means, then have barnyard read it into the
database?


Actaully Barnyard sorta 'hangs out' waiting on snort to drop something into
the unified logs.  Once it gets it, it proceeds to output it in whatever way
you use.  It's a seperate program that handles the output.  Snort just writes
to the unifed log, and barnyard takes it from there.  Not 'real-time' but
pretty damned close. :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

barnyard to db Mike Poor (Oct 01)
- Re: barnyard to db Andrew R. Baker (Oct 01)
  - Re: barnyard to db Jed Pickel (Oct 03)
    - Re: barnyard to db Dragos Ruiu (Oct 04)
    - RE: barnyard to db Jeff Dell (Oct 04)
    - Compile problem Kevin Pietersma (Oct 04)
    - Re: barnyard to db Martin Roesch (Oct 04)
    - RE: barnyard to db Frank Reid (Oct 04)
    - RE: barnyard to db Erek Adams (Oct 04)
    - RE: barnyard to db Andrew R. Baker (Oct 04)
    - Re: barnyard to db Chris Green (Oct 04)
    - Re: barnyard to db Andrew R. Baker (Oct 04)