Snort mailing list archives
Re: Barnyard2 to remote server
From: beenph <beenph () gmail com>
Date: Sat, 27 Aug 2011 03:18:43 -0400
On Sat, Aug 27, 2011 at 2:15 AM, Sherman Boyd <sherman () twocell com> wrote:
> Hi, I'm working on a realtime visualization project for snort. I'd like snort to pump all its data over tcp/ip to a remote server, running a custom node server that parcels out each event to an html5 server. I don't want to use SQL, but other than that I'm pretty flexible with how the data is encapsulated. Is there an existing barnyard2 plugin that will meet my needs? Do I need to write a custom by2 output plugin? Or is there a way to pump the data out directly from snort? To put it another way, I'm looking for alert_fast, except I don't want to write to a file; I want to send it to 192.168.9.1:1212.

Your objective is to send "alert_fast" type events over the network to your remote system running on 192.168.9.1:1212.

What service is running on that port and what type of input is it expecting?

If you need a specialized output mode, then you might base yourself on an already existing output plugin and add the code you need, or, as you mentioned, write your own output plugin from the ground up.

Do not hesitate to join our barnyard2 mailing list (Google group).

-elz