Snort mailing list archives
HELP: Dealing with 2 output plugin, is it ok?
From: Rachmat Hidayat Al-Anshar <rachmat_hidayat_02 () yahoo com>
Date: Wed, 14 Nov 2007 18:37:21 -0800 (PST)
Hi guys, Reminding, I'm on my research deploying an IDS system with active response. Because there is no 'clean' SnortSam patch yet for Snort-2.8.0, so I decided to use snort-snortsam-2.7.0 pre-patched one. There is something that I've to ask Is it fine to use SnortSam output plugin (on snort mechine) together with the unified output plugin? I need unified output plugin to work with Barnyard and send the result to MySQL server to work with BASE-1.3.8 meanwhile I do need the snortsam output plugin to send the bad IP address and have it blocked in snortsam blocking agent that runs on firewall mechine?! any response will greatly appreciated. I need more explaination here... Thanks in advance ~ Mat (^^) ~ ____________________________________________________________________________________ Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it now. http://mobile.yahoo.com/sports;_ylt=At9_qDKvtAbMuh1G1SQtBI7ntAcJ
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HELP: Dealing with 2 output plugin, is it ok? Rachmat Hidayat Al-Anshar (Nov 14)
- Re: HELP: Dealing with 2 output plugin, is it ok? Joel Esler (Nov 14)