Snort mailing list archives

waldogps - monitor multiple copies of barnyard running against multiple databases


From: Richard Harman <snort () richardharman com>
Date: Sat, 09 Jul 2005 17:29:26 -0400

Hi folks,

I developed a small Perl script to suit a particular need at my office -
we have a bunch of snort sensors, logging to multiple databases to make
sure that we can do analysis on our snort events in the event that a
database box goes down (maintenance, network, etc.).

I've got Snort writing unified logs, with barnyard sending the events to
the SQL servers.  The problem I ran into was that you can't have
barnyard write to two databases at once -- but you can run two copies!

So I wrote a small management script called WaldoGPS.  This script
monitors the .waldo file of multiple barnyard processes (that write to
different databases), and deletes the unified log file only after all
the barnyard processes have finished reading events from that log file.

I've made waldogps available here: http://www.xabean.com/code/waldogps.
I hope the snort community finds it useful!

Take care,
Richard Harman
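The deletion rule described in the message above, sketched as an added example in Python; this is not waldogps itself (which is a Perl script) and is not taken from the post. It assumes a four-line text waldo file (spool directory, log base name, timestamp of the file being read, record index) and logs named `snort.log.<timestamp>`; the `db1.waldo`/`db2.waldo` names and all timestamps are constructed.

```python
import os
import tempfile

def read_waldo(path):
    """Parse a text waldo file. Assumed layout, one value per line:
    spool directory, log base name, timestamp of current file, record index."""
    with open(path) as fh:
        lines = fh.read().split("\n")
    if len(lines) < 4:
        raise ValueError("incomplete waldo file: " + path)
    return lines[0].strip(), lines[1].strip(), int(lines[2]), int(lines[3])

def deletable_logs(spool_dir, base_name, waldo_paths):
    """Return unified logs that every barnyard reader has moved past.
    If any reader's position is unknown, nothing is reported as safe."""
    positions = []
    for path in waldo_paths:
        try:
            w_dir, w_base, ts, _record = read_waldo(path)
        except (OSError, ValueError):
            return []  # missing or half-written waldo: keep everything
        if w_base != base_name or os.path.realpath(w_dir) != os.path.realpath(spool_dir):
            return []  # this waldo tracks a different spool
        positions.append(ts)
    if not positions:
        return []
    slowest = min(positions)  # the file the slowest reader is still in
    safe = []
    for name in sorted(os.listdir(spool_dir)):
        prefix, _, suffix = name.rpartition(".")
        if prefix == base_name and suffix.isdigit() and int(suffix) < slowest:
            safe.append(name)
    return safe

def demo():
    """Constructed sample: three logs, two readers at different positions."""
    spool = tempfile.mkdtemp()
    for ts in (1120900000, 1120910000, 1120920000):
        open(os.path.join(spool, "snort.log.%d" % ts), "w").close()
    waldos = []
    for db, ts in (("db1", 1120920000), ("db2", 1120910000)):
        path = os.path.join(spool, db + ".waldo")
        with open(path, "w") as fh:
            fh.write("%s\nsnort.log\n%d\n7\n" % (spool, ts))
        waldos.append(path)
    return spool, waldos, deletable_logs(spool, "snort.log", waldos)

if __name__ == "__main__":
    print(demo()[2])  # only the log both readers are finished with
```

The file a reader is currently positioned in is never reported, since that reader may still have unread records in it.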



