Re: snort output

[Bamm Visscher <bamm () satx rr com>]

To answer your question:

  http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5

But why oh why would you do this?  The whole point of barnyard is to take the overhead of output plugins off from 
snort.  This might not be such a big deal if you were using '-A fast', but you are talking about the slowest plugin out 
there and probably the primary reason that barnyard was developed. Do yourself a favour and use the ACID plugin in for 
barnyard (op_acid_db).

Bammkkkk


On Tue, Aug 05, 2003 at 06:39:57AM -0600, Slighter, Tim wrote:
> Can the snort.conf file be configured for more than one output at the same
> time?  In other words, can there be an output for unified for the purpose of
> Barnyard, and also an output for MySQL Database for the purpose of ACID?
>
> (Snort.conf file extract)
>
> output log_unified: filename snort.log, limit 128
> output database: log, mysql, user=root password=test dbname=db
> host=localhost


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users