Snort mailing list archives
Mult snort instances and portscan logging
From: "Stephen Shepherd" <drew600_1999 () yahoo com>
Date: Thu, 25 Oct 2001 12:06:24 -0600
I am running 3 instances of Snort (under Win2k) and I would like to consolidate the portscan logs. Since ACID will only let me reference one file for Portscan data, I would like to have the portscan logs combined. I assume it would not be wise to write to the same log from all three instances.
Questions: Will Barnyard collect this data together as well as Alert data? Could I just concatenate them and reference the combined file in ACID, or do the entries need to be in chronological order?
BTW, any idea when Barnyard will support Microsoft SQL? I would be more than happy to help test that. Implementing Barnyard is the next big step in my IDS project.
Thanks in advance.