Snort mailing list archives
RE: barnyard to db
From: "Andrew R. Baker" <andrewb0x29a () yahoo com>
Date: Thu, 4 Oct 2001 09:14:25 -0700 (PDT)
Barnyard is a generic output processing stage for snort. It has a modular output plugin system that is similar (but not identical) to the one found in snort. It reads data from the unified log/alert files (and actually the stream4 binary output file) and calls the appropriate configured output plugins to process the data.

The goal is to separate the core detection engine from any output process that could impact packet capture (like performing SQL inserts). It is valuable in both single system sensors and distributed sensor environments. In a distributed environment, each sensor would have an instance of barnyard processing the local data and sending it to a central console.

-Andrew

--- Frank Reid <fcreid () ourcorner org> wrote:
I'm confused on barnyard. From mailing list discussion and docs, I presume it rolls up the Snort binary output and performs the database insertions directly (rather than having Snort insert "real-time" into the database via the output preprocessor).

If that's correct, then is it of most value if Snort and the database live on the same box? In a distributed Snort sensor environment, one would have to "collect" the Snort output by some other means, then have barnyard read it into the database?

Frank
Current thread:
- barnyard to db Mike Poor (Oct 01)
- Re: barnyard to db Andrew R. Baker (Oct 01)
- Re: barnyard to db Jed Pickel (Oct 03)
- Re: barnyard to db Dragos Ruiu (Oct 04)
- RE: barnyard to db Jeff Dell (Oct 04)
- Compile problem Kevin Pietersma (Oct 04)
- Re: barnyard to db Martin Roesch (Oct 04)
- RE: barnyard to db Frank Reid (Oct 04)
- RE: barnyard to db Erek Adams (Oct 04)
- RE: barnyard to db Andrew R. Baker (Oct 04)
- Re: barnyard to db Chris Green (Oct 04)
- Re: barnyard to db Jed Pickel (Oct 03)
- Re: barnyard to db Andrew R. Baker (Oct 01)
- Re: barnyard to db Andrew R. Baker (Oct 04)