Snort mailing list archives

Re: Barnyard2 to remote server


From: Sherman Boyd <sherman () twocell com>
Date: Sat, 27 Aug 2011 07:54:57 -0700

Your objective is to send "alert_fast" type events over the network to
your remote system running on 192.168.9.1:1212.
What service is running on that port and what type of input it is expecting?

The service will be a custom node.js application, so the type of input
can really be whatever.  I imagine that ASCII "alert_fast" type input
will be way easier to parse than snort unified.

Best regards,

Sherman Boyd
On Sat, Aug 27, 2011 at 12:18 AM, beenph <beenph () gmail com> wrote:
On Sat, Aug 27, 2011 at 2:15 AM, Sherman Boyd <sherman () twocell com> wrote:
Hi,

I'm working on a realtime visualization project for snort.  I'd like
snort to pump all its data over tcp/ip to a remote server, running a
custom node server that parcels out each event to an html5 server.  I
don't want to use SQL, but other than that I'm pretty flexible with
how the data is encapsulated.  Is there an existing barnyard2 plugin
that will meet my needs?  Do I need to write a custom by2 output
plugin?  Or is there a way to pump the data out directly from snort?

To put it another way, I'm looking for alert_fast, except I don't want
to write to a file I want to send it to 192.168.9.1:1212.
Your objective is to send "alert_fast" type events over the network to
your remote system running on 192.168.9.1:1212.
What service is running on that port and what type of input it is expecting?

If you need a specialized output mode, then you might base yourself
on an already existing output plugin
and add the code you need, or, as you mentioned, write your own output
plugin from the ground up.

Do not hesitate to join our barnyard2 mailing list (Google group).
-elz

