Snort mailing list archives

Re: Barnyard??


From: Erek Adams <erek () snort org>
Date: Wed, 6 Aug 2003 09:52:48 -0400 (EDT)

On Tue, 5 Aug 2003, Stevo wrote:

> I'm a newbie... what's Barnyard??  I have Snort running and hear people
> talking about it on this message board... so what is it!!!

BarnYard (BY) is a Database input program that works alongside Snort.
The basic problem with the DB output plugin is that if for some reason,
you lose the connection to the DB, you lose data.  No alerts, no data.
It's just like Snort died on you.  BY handles this by 'spooling' the data.
It reads a specially formatted (unified) file, sends the data to the DB
and makes the needed insertions.  If connectivity drops, the DB is
rebooted, or whatever, BY just hangs around and waits for it to come back.
When it does, BY starts sending where it left off and continues up to the
current time.  Then it just waits on new alerts for it to send.  And the
process starts all over again....  :)

Hope that helps!  Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
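
Added example, not part of the original message and not Barnyard's own code: a minimal spool reader showing the behaviour described above, where the read position advances only after a successful insert, so a database outage delays alerts instead of losing them. It assumes newline-delimited text records rather than Snort's unified format, and `FlakyDB`, `Spooler`, `append` and `demo` are hypothetical names.

```python
import io


class FlakyDB:
    """Stand-in database (constructed): insert() fails while `up` is False."""
    def __init__(self):
        self.up = True
        self.rows = []

    def insert(self, alert):
        if not self.up:
            raise ConnectionError("database unreachable")
        self.rows.append(alert)


class Spooler:
    """Forwards spooled alerts to the DB and remembers where it left off."""
    def __init__(self, spool, db):
        self.spool = spool   # file-like object the sensor appends to
        self.db = db
        self.offset = 0      # first byte not yet stored; persist to disk in real use

    def drain(self):
        """Send every complete unsent record; return how many were stored."""
        sent = 0
        self.spool.seek(self.offset)
        while True:
            line = self.spool.readline()
            if not line.endswith(b"\n"):   # EOF or half-written record: wait
                break
            try:
                self.db.insert(line[:-1].decode())
            except ConnectionError:
                break                      # offset unchanged, retry next pass
            self.offset += len(line)       # advance only after a successful insert
            sent += 1
        return sent


def append(spool, alert):
    """Sensor side: add one alert record to the end of the spool."""
    spool.seek(0, io.SEEK_END)
    spool.write(alert.encode() + b"\n")


def demo():
    """Constructed run: one alert, an outage with two alerts, then recovery."""
    spool, db = io.BytesIO(), FlakyDB()
    by = Spooler(spool, db)
    append(spool, "alert 1")
    first = by.drain()
    db.up = False
    append(spool, "alert 2")
    append(spool, "alert 3")
    during = by.drain()
    db.up = True
    append(spool, "alert 4")
    return first, during, by.drain(), db.rows
```
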

