RE: snort output

["Slighter, Tim" <tslighter () itc nrcs usda gov>]

Thanks, that leads up to the next question, since I am using sguil, can BY
be configured for 2 simultaneous outputs?  First output to sguil and then
second to ACID?  OR, how much work would be involved to migrate the PHP
scripts from ACID to extract the data from the sguildb instead?

-----Original Message-----
From: Erek Adams [mailto:erek () snort org]
Sent: Tuesday, August 05, 2003 8:14 AM
To: Slighter, Tim
Cc: Snort-Users (E-mail)
Subject: Re: [Snort-users] snort output


On Tue, 5 Aug 2003, Slighter, Tim wrote:

> Can the snort.conf file be configured for more than one output at the same
> time?  In other words, can there be an output for unified for the purpose
of
> Barnyard, and also an output for MySQL Database for the purpose of ACID?
>
> (Snort.conf file extract)
>
> output log_unified: filename snort.log, limit 128
> output database: log, mysql, user=root password=test dbname=db
> host=localhost

Yep.

Keep in mind that you're doing double duty here.  If you're writing to
unified, BY can spool into the MySQL DB easier than the DB output plugin.
Unless of course you're doing this to slowly migrate over to using BY and
want a testing phase....  :)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users