Snort mailing list archives
Re: Barnyard2 alternatives?
From: Richard Monk <rmonk () redhat com>
Date: Tue, 4 Aug 2015 08:53:31 -0400
On 08/04/2015 08:43 AM, Doug Burks wrote:
> Hi Richard,
>
> Yes, we've also experienced performance issues when running multiple barnyard2 instances connecting to the same database with the database output plugin. However, the barnyard2 output plugins for Sguil and syslog seem to work well for us. Have you considered replacing Snorby with Sguil/Squert or some standard log collector like ELSA?
We took a look at Sguil/Squert and were unimpressed with the feature set (in fact, we're slowly getting rid of snorby for the same reason). I'll take a look again. Right now, we like having the packet data that comes with "native" DB storage, although we're spinning up full packet capture/Bro to offset needing that as well. ELSA/Splunk are on the table, but that would be a big change for us in terms of our workflow (having somewhere to tag/comment/etc)

--
Richard Monk (rmonk () redhat com) - Security Analyst
Red Hat, Raleigh NC
GPG Key ID: 0x942CDB25