Snort mailing list archives
Re: [Barnyard-users] Barnyard alert_fast and log_dump question ...
From: Bamm Visscher <bamm.visscher () gmail com>
Date: Mon, 4 Oct 2004 19:47:47 -0500
You have to run two instances of barnyard as it can't process two unified filetypes at the same time. The only other option right now would be to hack together a custom output plugin that read unified log and output to both the db and an alert fast type output.

Bammkkkk

On Mon, 4 Oct 2004 17:00:05 -0600, Sam Evans <wintrmte () gmail com> wrote:
Sorry for the X-Post, but the barnyard-users list appears to be either dead, or incredibly inactive. Anyhow, I am hoping that someone here knows the answer to my question.

I am trying to log both the alert_fast and log_dump information. The problem I am running into is this: if I use the -f option (base file name) and specify the alert unified file, then it logs the alert_fast information to both syslog and a plain text file (exactly as I want). What I don't get is any of the packet dump information being logged to the database, or the packet.dump file (which makes sense, because the alert unified file contains just that, alert fast info).

Now, if I tell -f to use the log unified file, then I get exactly the opposite. Nothing gets logged to syslog, or the alert.fast plain text file. I do get my packet.dump plain text file as well as full packet information into the database. Ideally, I could live with this scenario if it would just log the alert fast information to syslog.

My question here is, how do I get both?

Thanks,
Sam
-- sguil - The Analyst Console for NSM http://sguil.sf.net