Snort mailing list archives
Re: Barnyard, Mudpit, and the Unified Output Format
From: Dirk Geschke <Dirk_Geschke () genua de>
Date: Tue, 24 Aug 2004 15:37:11 +0200
Hi,

[...]

> Which brings me to a topic of discussion. Along with the issue above, there is no payload, no packet data. Now the reason to be running snort in this manner is to help with performance. But I was under the impression that snort will dump everything to the log file, including the payload in a binary format, and then a separate process such as Barnyard or Mudpit will decode and input the payload into the MySQL database for use with ACID. I was mucking around with the output code for Mudpit and did find that there is a function for the data and data_payload. I just want to know if this is the true nature of the output plug-in: to allow snort to sniff at top speed, or if there is something wrong with my setup.
Probably you have to use the output log_acid_db: keyword in barnyard.conf together with the option detail full, e.g.:

output log_acid_db: mysql, database snort, server localhost, user snort, detail full

Note: You can even use the log_acid_db if you use the snort.alert file.

Best regards

Dirk

PS: You can alternatively use FLoP instead of barnyard: http://www.geschke-online.de/FLoP/
Current thread:
- Barnyard, Mudpit, and the Unified Output Format M Shirk (Aug 24)
- Re: Barnyard, Mudpit, and the Unified Output Format Alex Butcher, ISC/ISYS (Aug 24)
- Re: Barnyard, Mudpit, and the Unified Output Format Dirk Geschke (Aug 24)
- <Possible follow-ups>
- Re: Barnyard, Mudpit, and the Unified Output Format Andreas Östling (Aug 25)