Snort mailing list archives

Snort, Barnyard, Mysql


From: "Raymond Owens" <owensr () comcast net>
Date: Sat, 15 Oct 2005 18:19:11 -0400

I have several questions relating to the use of Snort, Barnyard and Mysql that hopefully someone can shed some light on.

First, I have heard that if Barnyard is run on the same platform that the Snort sensor resides on, there is no 
performance enhancement because the same box is doing both the sensing and the unified file output parsing. Is this 
true? If so, what methods are employed to get the unified files to another box?

When I imported the snort schema inside the create_mysql file into Mysql v. 5.0.12 it choked on the table 'schema'. 
When I altered the table name before input to 'scheme' the snort database was created successfully and the database 
seemed usable, but I assume something will be unhappy at some point with the changed table name. Anyone run into this 
before?

One item in the project I am working on is providing sysadmins of various subnets access to the Snort alerts 
pertaining to their subnets while not allowing them to see event information that pertains to subnets they do not 
control. These sysadmins are using Snort database access agents which assume they are provided a database name of the 
form 'database.*' over which they will have SELECT access to all tables to do various types of queries. Has anyone done 
anything similar and can give me general guidance on how to accomplish this? I assume that a 'view' would need to be 
created and a 'grant' to individual users which only gives access based on the source and destination IPs falling into 
their domain. Having a little trouble figuring out if this is a feasible scheme and what general syntax would look like.

Thanks for any help that can be provided.
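The following SQL is an added example written for this archive page; it is not from the thread or from the Snort project. It addresses the two MySQL points above: the `schema` table that MySQL 5.0 rejects (SCHEMA became a reserved word in 5.0, so the unquoted `CREATE TABLE schema` in create_mysql fails; quoting the identifier with backticks keeps the original name that Barnyard and the console front-ends expect), and a per-subnet view plus grant that still gives each sysadmin a whole `database.*` to point their access agent at. The table and column names (`event`, `signature`, `iphdr`, `ip_src`, `ip_dst`) are assumed to match the stock Snort create_mysql schema; the database names `snort` and `snort_net_a`, the user `admin_net_a`, and the subnet 10.1.0.0/16 are placeholders.

```sql
-- Added example, not from the thread. Assumes the stock Snort create_mysql
-- schema loaded into a database named `snort` (placeholder), where
-- iphdr.ip_src / iphdr.ip_dst are unsigned 32-bit integers.

-- 1. Reserved word: in MySQL 5.0 SCHEMA is a keyword, so quote the identifier.
--    Quoting keeps the table name the rest of the Snort tooling looks for.
CREATE TABLE `schema` (
  vseq  INT UNSIGNED NOT NULL,
  ctime DATETIME     NOT NULL,
  PRIMARY KEY (vseq)
);
-- If the database was already created with the table renamed to 'scheme',
-- restore the expected name instead of re-importing:
RENAME TABLE snort.scheme TO snort.`schema`;

-- 2. Per-subnet access: one small database per administrative domain that
--    holds only views over snort.*, so the agent's "database.*" assumption
--    holds and no privilege on the underlying snort tables is ever granted.
CREATE DATABASE snort_net_a;   -- placeholder name

-- SQL SECURITY DEFINER (the MySQL default) means rows are read with the
-- privileges of the account that created the view, not the reader's.
-- The WHERE clause keeps only events whose source or destination address
-- falls inside 10.1.0.0/16 (placeholder subnet), using the integer form of
-- the address so no string conversion is done per row.
CREATE SQL SECURITY DEFINER VIEW snort_net_a.alerts AS
SELECT e.sid, e.cid, e.timestamp,
       s.sig_name,
       INET_NTOA(i.ip_src) AS src_ip,
       INET_NTOA(i.ip_dst) AS dst_ip
FROM   snort.event     e
JOIN   snort.signature s ON s.sig_id = e.signature
JOIN   snort.iphdr     i ON i.sid = e.sid AND i.cid = e.cid
WHERE  (i.ip_src & INET_ATON('255.255.0.0')) = INET_ATON('10.1.0.0')
   OR  (i.ip_dst & INET_ATON('255.255.0.0')) = INET_ATON('10.1.0.0');

-- The sysadmin account gets SELECT on its own database only.
CREATE USER 'admin_net_a'@'localhost' IDENTIFIED BY 'change-me';   -- placeholder
GRANT SELECT ON snort_net_a.* TO 'admin_net_a'@'localhost';
FLUSH PRIVILEGES;

-- Check: the grant list should show nothing on snort.*, and, logged in as
-- admin_net_a, SELECT * FROM snort.event must fail with a privilege error
-- while SELECT * FROM snort_net_a.alerts succeeds.
SHOW GRANTS FOR 'admin_net_a'@'localhost';
```

Two practical notes: the bit-mask filter cannot use an index on `ip_src`/`ip_dst`, so on a busy sensor the view will scan `iphdr`; adding a time bound (for example `AND e.timestamp > NOW() - INTERVAL 7 DAY`) or a `BETWEEN` on the integer address range keeps the query cheap. Also, because the view runs with the definer's privileges, create it from a dedicated low-privilege account that has SELECT on `snort.*` only, rather than from root, so a mistake in the view can never expose more than read access.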
