Snort mailing list archives
Re: Quick Barnyard question...
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 11 Aug 2005 14:41:07 -0500
--On Thursday, August 11, 2005 3:12 PM -0400 Jeff Kell <jeff-kell () utc edu> wrote:
> Probably stoooopid question, but I can't hold back any longer: I'm starting to look into barnyard (number of sensors is growing, need to centralize reporting, moving toward sguil as a goal...) but I haven't been able to find a good quick overview of what it does. I know it accepts unified alert files and can feed databases for later analysis, but specifically:
>
> * Is there a Barnyard "master" that sits on the database server, collecting alert files from all the sensors and loading into a database?
> * Is there a Barnyard "agent" that moves unified alerts from the sensor to the "master"?
> * Or does Barnyard just run on each sensor and write back SQL to a common backend database server?

That depends on you. Barnyard parses unified log files and submits the data to the db. That means you can send the logs to the db server and run barnyard there or you can run barnyard on each sensor, parse the logs there and send the data to the db remotely.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/