Snort mailing list archives
Re: HELP: Dealing with 2 output plugin, is it ok?
From: Joel Esler <joel.esler () sourcefire com>
Date: Wed, 14 Nov 2007 22:56:26 -0500
This should work fine. I know of several people that do it. Joel On Nov 14, 2007, at 9:37 PM, Rachmat Hidayat Al-Anshar wrote:
Hi guys,Reminding, I'm on my research deploying an IDS system with active response. Because there is no 'clean' SnortSam patch yet for Snort-2.8.0, so I decided to use snort-snortsam-2.7.0 pre-patched one. There is something that I'veto askIs it fine to use SnortSam output plugin (on snort mechine) together with the unified output plugin? I need unified output plugin to work with Barnyard and send the result to MySQL server to work with BASE-1.3.8 meanwhile I do need the snortsam output plugin to send the bad IP address and have it blocked in snortsam blocking agent that runs on firewall mechine?! any response will greatlyappreciated. I need more explaination here... Thanks in advance ~ Mat (^^) ~Be a better pen pal. Text or chat with friends inside Yahoo! Mail. See how .-------------------------------------------------------------------------This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop.Now Search log events and configuration files using AJAX and a browser.Download your FREE copy of Splunk now >> http://get.splunk.com/_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HELP: Dealing with 2 output plugin, is it ok? Rachmat Hidayat Al-Anshar (Nov 14)
- Re: HELP: Dealing with 2 output plugin, is it ok? Joel Esler (Nov 14)