Snort mailing list archives
Re: Run an external program
From: Bennett Todd <bet () rahul net>
Date: Wed, 5 Mar 2003 13:11:31 -0500
2003-03-05T13:01:43 Erek Adams:
What might even be a better solution would be to write an output plugin for BarnYard that sends alerts off to another process for <whatever>.
If the info carried in the unified log format for Barnyard is desired, then using Barnyard as the framework for the logfile tailing may well be the best engineering solution. But for many applications, the combination of simple fast alert logging to a textfile, or syslog logging of alerts, plus libpcap-format dumpfiles of packet captures for offline forensic analysis, lets you get the job done handily; and I don't know of any reason why Barnyard would be a better logfile tailer than the more generic tools like swatch. And since the unified log format carries more data than fast text alerts or syslog alerts, tailing and processing that file would be more expensive.

-Bennett
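As an added example (not code from this thread or from the Snort project), a small Python tailer in the spirit of the swatch approach described above: it parses Snort's alert_fast text lines, filters on priority, and hands selected alerts to an external program as separate argv entries. The alert lines are constructed samples; the regex assumes the Snort 2.x alert_fast layout with IPv4 endpoints.

```python
import re
import subprocess
import time
from typing import Dict, Iterator, List, Optional

# Snort 2.x alert_fast layout (assumed): timestamp, [gid:sid:rev], message,
# optional classification and priority, {PROTO}, then src[:port] -> dst[:port].
# IPv4 only; ICMP lines carry no ports.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?"
    r"\{(?P<proto>[A-Z]+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

def parse_fast_alert(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one alert_fast line, or None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d: Dict[str, object] = m.groupdict()
    d["prio"] = int(m.group("prio")) if m.group("prio") else None
    return d

def should_dispatch(alert: Dict[str, object], priority_threshold: int) -> bool:
    """Snort priority 1 is the most severe, so lower numbers pass the filter.
    Alerts with no priority field are not forwarded."""
    prio = alert.get("prio")
    return prio is not None and int(prio) <= priority_threshold

def run_external(alert: Dict[str, object], argv_prefix: List[str]) -> int:
    """Invoke an external program with alert fields as discrete argv entries.
    No shell is involved, so rule text cannot be parsed as shell syntax."""
    argv = argv_prefix + [str(alert[k]) for k in ("sid", "src", "dst", "msg")]
    return subprocess.run(argv, check=False).returncode

def follow(path: str, poll: float = 0.5) -> Iterator[str]:
    """Yield lines appended to `path`, like `tail -f` (no rotation handling)."""
    with open(path, "r") as fh:
        fh.seek(0, 2)  # start at end: only new alerts are processed
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(poll)

# Constructed sample lines in alert_fast layout (TCP with ports, ICMP without).
SAMPLE_TCP = ("03/05-13:01:43.123456  [**] [1:1000001:1] TEST web probe [**] "
              "[Classification: Web Application Attack] [Priority: 1] {TCP} "
              "192.0.2.10:45678 -> 198.51.100.5:80")
SAMPLE_ICMP = ("03/05-13:02:00.000001  [**] [1:1000002:2] TEST icmp ping [**] "
               "[Priority: 3] {ICMP} 192.0.2.11 -> 198.51.100.5")
```

A real deployment would loop over `follow("/var/log/snort/alert")` (path assumed), calling `parse_fast_alert`, `should_dispatch` and `run_external` on each line.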