RE: Mult snort instances and portscan logging

["Stephen Shepherd" <drew600_1999 () yahoo com>]

Just an Idea here but could not the DB plugin support from snort be ported
over to Barnyard?  It would be nice if the Snort DB plugin could be made
into a portable module that could be built into other apps off the shelf.
Tom Liston's Labrea could make use of this for logging into a snort DB.
Then Labrea activity could be viewable in ACID.  I am sure other utils could
benifit from this as well.

YOP

-----Original Message-----
From: natasha () kohlrabi farm9 com [mailto:natasha () kohlrabi farm9 com]On
Behalf Of Andrew R. Baker
Sent: Thursday, October 25, 2001 13:43
To: drew600_1999 () yahoo com
Cc: Snort Users List (E-mail)
Subject: Re: [Snort-users] Mult snort instances and portscan logging



Comments inline.

> Stephen Shepherd wrote:
>
> Questions [about portscan logs]:
> Will barnyard collect this data together as well as Alert data?

Barnyard does not support reading the portscan logs at this time.  There
is work being done on an updated portscan detector that will output data
capable of being read by barnyard.

> BTW any idea when Barnyard will support Microsoft SQL?  I would be
> more than happy to help test that.  Implementing Barnyard is the next
> big step in my IDS project.

Postgres support is currently being worked on for the barnyard database
output plugin.  MS SQL support will be included in the future, but that
may take some time.

-A


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users