Snort mailing list archives

Re: Barnyard2 to remote server


From: Martin Holste <mcholste () gmail com>
Date: Sat, 27 Aug 2011 12:59:29 -0500

Yep, you need unified2 for full packet data, so you're looking at a
custom plugin.

On Sat, Aug 27, 2011 at 12:40 PM, Sherman Boyd <sherman () twocell com> wrote:
Just have Snort or Barnyard output as syslog and have the syslog
server be your custom node.  Parsing syslog is trivial, and you can
then apply your HTML5 wrapper around it.  This will be the best
solution because you do not need to customize Snort or Barnyard--they
can be stock installations.  All of the custom code will be on your
custom node.

Thank you.  After turning off the 'last message repeated 37 times'
functionality in rsyslog that's working nicely.  If I decided that I
wanted the full packet data is there a way to do that with syslog, or
am I looking at writing a custom plugin for by2 at that point?


Best regards,

Sherman Boyd

------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management
Up to 160% more powerful than alternatives and 25% more efficient.
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!



