Snort mailing list archives

Re: reboot the DB


From: Erek Adams <erek () snort org>
Date: Mon, 7 Jul 2003 19:45:39 -0400 (EDT)

On Mon, 7 Jul 2003, Bryan Irvine wrote:

> So I should redo the setup and have snort log to this barnyard something
> or other instead of postgres, and barnyard will take care of logging to
> postgres so acid can still see the alerts?  I got the order right?

There's not much to really "redo".  Build and install Barnyard, change
your output plugin from DB to unified, configure Barnyard to look at the
right files and DB, and start up BY and Snort.  Snort sends the
alerts to the unified log file, BY then reads the file from disk and sends
the data to the DB.  If the network drops or if the DB doesn't respond, BY
simply waits until it becomes active before starting to send the alerts
again.

One thing you might want to check on is how well BY works with Postgres.
I'm pretty sure it works, but something in the back of my mind makes me
think there was an issue.  I can't recall if that's the case or not.  You
can check the archives here [0].

Anyone have any experience in using Barnyard and Snort with Postgres?

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]     http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2

