Snort mailing list archives
Re: Barnyard and Multiple DB Connections
From: Steve Suppe <suppe2 () llnl gov>
Date: Wed, 22 Sep 2004 14:01:03 -0700
My advice is to have two instances of Barnyard running, each logging to a separate database. This involves having 2 waldo files (one for each), so it takes a little tuning but it certainly isn't difficult to do. Just point them at different files. You can even have it all work in the Snort init script if you have them point to two different PID files, and kill them off by referring to each process by its PID.
On top of that, when I did this, I had a cron script that cleared the "alerts" database every month, while the "archive" database was never cleared, so it maintained all the packets it had ever seen.
Hope that was clear,
Steve

Jason Alexander wrote:
Is it possible to have barnyard output to multiple databases at once? I would like to have a database that everyone can look at and remove alerts once they have been processed, but would like to keep an archive database of everything that was logged for reference.

Thanks
Jason

-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
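The two-instance layout described in the reply above, sketched as an init-style shell script. This is an added example, not code from the thread: the instance names, every file path and the per-instance config files are assumptions, and the Barnyard flags used (-D, -c, -d, -f, -w, -X) should be confirmed against `barnyard -h` for your version.

```shell
#!/bin/sh
# Added example: two Barnyard instances read the same Snort spool, each with
# its own config (pointing at its own database), waldo file and PID file.
# All names and paths below are assumptions for illustration.
SPOOL_DIR=/var/log/snort
SPOOL_BASE=snort.log
INSTANCES="alerts archive"

conf_for()  { echo "/etc/snort/barnyard-$1.conf"; }
waldo_for() { echo "/var/log/snort/barnyard-$1.waldo"; }
pid_for()   { echo "/var/run/barnyard-$1.pid"; }

# Build the command line for one instance.
barnyard_cmd() {
    echo "barnyard -D -c $(conf_for "$1") -d $SPOOL_DIR -f $SPOOL_BASE" \
         "-w $(waldo_for "$1") -X $(pid_for "$1")"
}

# Refuse to start if two instances would share a waldo or PID file. The waldo
# file is an instance's bookmark into the spool, so a shared one would have
# the instances overwrite each other's position.
check_distinct() {
    for kind in waldo pid; do
        dupes=$(for i in $INSTANCES; do "${kind}_for" "$i"; done | sort | uniq -d)
        [ -z "$dupes" ] || { echo "shared $kind file: $dupes" >&2; return 1; }
    done
}

start_all() {
    check_distinct || return 1
    for i in $INSTANCES; do
        # The paths above contain no spaces, so word splitting is safe here.
        $(barnyard_cmd "$i") || return 1
    done
}

# Stop each instance by the PID recorded in its own PID file.
stop_all() {
    for i in $INSTANCES; do
        pidfile=$(pid_for "$i")
        if [ -r "$pidfile" ]; then kill "$(cat "$pidfile")" && rm -f "$pidfile"; fi
    done
}

case "${1:-}" in
    start) start_all ;;
    stop)  stop_all ;;
    check) check_distinct && for i in $INSTANCES; do barnyard_cmd "$i"; done ;;
esac
```

Running the script with `check` prints both command lines without starting anything, which is a convenient way to review the waldo and PID paths before wiring it into the Snort init script.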
Current thread:
- Barnyard and Multiple DB Connections Jason Alexander (Sep 22)
- Re: Barnyard and Multiple DB Connections Steve Suppe (Sep 24)
- <Possible follow-ups>
- Re: Barnyard and Multiple DB Connections John Creegan (Sep 22)