Re: Snort / Barnyard2 Placement

[Jeremy Hoel <jthoel () gmail com>]

We use barnyard on each sensor and have that read the u2 and send up
to the central server.  actually, we use sguil so it uses that, but in
either case, it's a better option then sending u2 files all over the
place.  You can customize each sensor on it's own box and not try and
track everything on one box.

On Wed, Sep 26, 2012 at 5:30 PM, Turnbough, Bradley E.
<bturnbough () belcan com> wrote:
> Say I have 50 Sensors and 1 web server with snorby / mysql / apache….
>
>
>
> Do you guys recommend putting barnyard2 on the 50 sensors and then inserting
> the data over to wire to the mysql database, or should I ship the U2 files
> over to the webserver with 1 instance of Barnyard2 and insert the data from
> there?
>
>
>
>
>
> This e-mail transmission contains information that is confidential and may
> be privileged. It is intended only for the addressee(s) named above. If you
> receive this e-mail in error, please do not read, copy or disseminate it in
> any manner. If you are not the intended recipient, any disclosure, copying,
> distribution or use of the contents of this information is prohibited.
> Please reply to the message immediately by informing the sender that the
> message was misdirected. After replying, please erase it from your computer
> system. Your assistance in correcting this error is appreciated.
>
> ------------------------------------------------------------------------------
> How fast is your code?
> 3 out of 4 devs don\\\'t know how their code performs in production.
> Find out how slow your code is with AppDynamics Lite.
> http://ad.doubleclick.net/clk;262219672;13503038;z?
> http://info.appdynamics.com/FreeJavaPerformanceDownload.html
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!

------------------------------------------------------------------------------
How fast is your code?
3 out of 4 devs don\\\'t know how their code performs in production.
Find out how slow your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219672;13503038;z?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!