Snort mailing list archives

RE: Session data, alerts, and barnyard


From: Ed Quackenbush <equackenbush () riptech com>
Date: Tue, 11 Jun 2002 11:41:24 -0400

Marty-

I found the answer after some subsequent searching in your initial
announcement for barnyard.  What I am looking for is the full packet log for
alerts, which from your description is not included in the unified alerts
output from snort.

My goal is to extract the maximum amount of information from snort outputs
without crippling the performance.  The xml output from snort seems to have
all the data I could want for both alerts and logs, but from colleagues who
attended Thursday's users group (which I'm very sorry I missed), there was a
performance concern for high-traffic devices.  The binary unified output
seems to be the format to use for performance, for which I can use barnyard
for the decode as well.  So, are there any options for getting the full
packet log for alerts in the binary format that I may have missed, and if
not, is there potential to include it (or reasons not to)?

Also, I understand that there was mention of a time-based rollover for log
output files Thursday evening.  I would like to suggest a signal approach as
well.

Thanks,
Edward Quackenbush
equackenbush () riptech com
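The signal-driven rollover suggested in the post, sketched as an added example in Python; this is not code from the post, from Snort or from barnyard. The record layout (RECORD_FMT) is a made-up stand-in for a binary alert record, not Snort's unified format, and the file names, class and function names are assumptions made for the example. The point it illustrates is the discipline a practitioner wants for this: the signal handler only sets a flag, and the actual file switch happens on the next write, so the handler never races with an in-progress write.

```python
"""Log-file rollover driven by a signal (e.g. SIGHUP) as well as by elapsed time.

Added example; not code from the mailing-list post, Snort or barnyard.
RECORD_FMT is a hypothetical fixed-size record, not Snort's unified format.
"""
import os
import signal
import socket
import struct
import time

# Hypothetical record: seconds, source IPv4 (network order), signature id.
RECORD_FMT = "!IIH"
RECORD_SIZE = struct.calcsize(RECORD_FMT)


def pack_record(seconds, src_ip, sig_id):
    """Serialise one constructed record."""
    (ip_int,) = struct.unpack("!I", socket.inet_aton(src_ip))
    return struct.pack(RECORD_FMT, seconds, ip_int, sig_id)


def read_records(path):
    """Parse a file of RECORD_FMT records back into (seconds, ip, sig_id)."""
    with open(path, "rb") as fp:
        data = fp.read()
    out = []
    for off in range(0, len(data) - len(data) % RECORD_SIZE, RECORD_SIZE):
        seconds, ip_int, sig_id = struct.unpack_from(RECORD_FMT, data, off)
        out.append((seconds, socket.inet_ntoa(struct.pack("!I", ip_int)), sig_id))
    return out


class RollingBinaryLog:
    """Append-only binary log that opens a new file when a signal asks for it
    or when the current file is older than max_age_seconds."""

    def __init__(self, directory, prefix="snort.log", max_age_seconds=None,
                 clock=time.time):
        self.directory = directory
        self.prefix = prefix
        self.max_age = max_age_seconds
        self.clock = clock              # injectable for deterministic tests
        self.fp = None
        self.opened_at = None
        self.files = []                 # every path written so far, in order
        self._rollover_requested = False
        self._open_new_file()

    def _open_new_file(self):
        if self.fp is not None:
            self.fp.flush()
            os.fsync(self.fp.fileno())
            self.fp.close()
        base = os.path.join(self.directory, "%s.%d" % (self.prefix, int(self.clock())))
        path, n = base, 0
        while os.path.exists(path):     # two rollovers within one second
            n += 1
            path = "%s.%d" % (base, n)
        self.fp = open(path, "ab")
        self.opened_at = self.clock()
        self.files.append(path)

    def request_rollover(self, signum=None, frame=None):
        """Signal handler: only sets a flag. The file is switched on the next
        write(), so the handler never touches the file object mid-write."""
        self._rollover_requested = True

    def install_signal_handler(self, signum=signal.SIGHUP):
        # Python only allows this from the main thread.
        signal.signal(signum, self.request_rollover)

    def write(self, record):
        expired = (self.max_age is not None and
                   self.clock() - self.opened_at >= self.max_age)
        if self._rollover_requested or expired:
            self._rollover_requested = False
            self._open_new_file()
        self.fp.write(record)
        self.fp.flush()
        return self.fp.name             # path the record was appended to

    def close(self):
        if self.fp is not None:
            self.fp.close()
            self.fp = None


def demo(directory, seconds=3):
    """Stand-alone run: send `kill -HUP <pid>` during the loop to force a new file."""
    log = RollingBinaryLog(directory, max_age_seconds=60)
    log.install_signal_handler()
    for i in range(seconds):
        log.write(pack_record(int(time.time()), "192.0.2.10", 1000 + i))  # constructed
        time.sleep(1)
    log.close()
    return log.files


if __name__ == "__main__":
    import tempfile
    print(demo(tempfile.mkdtemp()))
```

Because the handler only flips a flag, the same object can be driven from cron (time-based) and from an operator or logrotate (signal-based) without either path corrupting a half-written record; the collision loop in `_open_new_file` handles two rollovers landing in the same second.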
