Re: Fwd: Snort not righting to DB

[Dirk Geschke <dirk () geschke-online de>]

Hi Louis,

> I have 4 interfaces on this machine.  One to communicate to it and 3 in
> passive mode.  Snort is righting to
> /var/log/snort/{interface}/snort.log.{some number}.  Is barnyard smart
> enough to look in to all the interface directories and read the
> snort.log file?  Or do I need to do something different?

I suspect that you have to run either one barnyard version for
each snort. Otherwise: How will you separate the different 
Interfaces?

> Lastly, is Barnyard the best tool for loading the data in to the
> database or would something like Syslog-NG be better?

Oh, you can even use FLoP to write the alerts to a database:

   http://www.geschke-online.de/FLoP/

It does nearly the same es barnyard except that there are no files
created on the sensor. The alerts are written directly via an unix
socket to the program which forwards the alerts to the database.

Best regards

Dirk

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users