Snort mailing list archives

Re: barnyard-0.1.0beta4

From: <bthaler () webstream net>
Date: Fri, 22 Feb 2002 10:01:05 -0500

If, by "There are probably a few quirks but its the same format" you're referring to the incompatible database schemas 
in use, then
yes, it's the same.

Demarc uses a different database structure than Acid.

The comments for the Acid output plugin in the barnyard.conf file state:
"Used to output data into the db schema used by ACID"

While I have not actually verified this, I assume it's referring to Acid's schema, and not some generic schema.  
Because of this,
the writes would fail, looking for tables such as "acid_event", etc.  These don't exist in a Demarc schema'd database, 
so, well you
get my point.

If, on the other hand, this output plugin writes to the generic snort tables present in both Acid and Demarc, then 
that's a
different story.  Again, I'm going to assume that "Used to output data into the db schema used by ACID" means just 
that.  If this is
not the case, then I suggest that someone either correct the comments in barnyard.conf, or rename the plugin.

Anyway, I'm just trying to verify where this plugin actually writes to (db tables) without having to install, configure 
and run it
myself.

Thanks for your help.







Sincerely,

Brad T.




----- Original Message -----
From: "Chris Green" <cmg () uab edu>
To: <bthaler () webstream net>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, February 22, 2002 9:37 AM
Subject: Re: [Snort-users] barnyard-0.1.0beta4

<bthaler () webstream net> writes:

Is there any support for Demarc in barnyard-01.10beta4?  I found an output
plugin for Acid, but nothing for Demarc.  Is this planned, or am I missing
something, or will Demarc not be supported at all?


It's the same database format used by both.  There are probably a few
quirks but its the same format
--
Chris Green <cmg () uab edu>
To err is human, to moo bovine.



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

barnyard-0.1.0beta4 bthaler (Feb 20)
- <Possible follow-ups>
- barnyard-0.1.0beta4 bthaler (Feb 22)
  - Message not available
    - Re: barnyard-0.1.0beta4 Chris Green (Feb 22)
    - Re: barnyard-0.1.0beta4 bthaler (Feb 22)
    - Re: barnyard-0.1.0beta4 Chris Green (Feb 22)
- RE: barnyard-0.1.0beta4 Steve Halligan (Feb 22)
  - Re: barnyard-0.1.0beta4 bthaler (Feb 22)