Snort mailing list archives
Re: Barnyard2 alternatives?
From: Jim Hranicky <jfh () ufl edu>
Date: Tue, 04 Aug 2015 10:16:02 -0400
On 08/04/2015 08:25 AM, Richard Monk wrote:
> Hi folks! TL;DR: Barnyard2 takes forever to start and I have a hundred instances that need to start on a system. Pigsty doesn't work, are there alternates?
> [...]
> If you know of something that works but doesn't write to the snort DB schema, I'm OK with that as we have some internal tools that we are using that are slowly replacing Snorby. Is there a patchset to barnyard2 maybe that does multiple sensors at once, or improves startup time?

I created a patch that disables the reference table. There's already a directive to disable the sig_reference table (we don't really use either). You should be able to specify both like so after you install the patch.

    output database: log, mysql, user=user dbname=snortdb host=localhost \
        disable_signature_reference_table=1 disable_reference_table=1

Barnyard starts up much quicker this way, within a couple of minutes.

--
Jim Hranicky
Data Security Specialist
UF Information Technology
Information Security Office

Attachment:
by2-disable-ref-table-patch.txt