Re: clarification between barnyard2 and snort

[Joel Esler <jesler () sourcefire com>]

On Oct 7, 2011, at 7:04 PM, MLP SCADA wrote:

> Trying to configure barnyard2 to work with snort.  Am passing familiar with snort.  Not so much barnyard2.

Output from Snort in unified2.  Barnyard2 will read the unified2 and output into the method you wish.


>  
> Is barnyard2 still considered good practice to use?  Is it a viable project, or is there something else folks are 
> preferring to use now?
> Does barnyard2 want to look in snort.log files?  Or in alert files?  Googling is not conclusive; have seen evidence 
> of both, and some wild things also.

Nope, barnyard2 is perfect.  See above.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!