Re: Quick Barnyard question...

[Paul Schmehl <pauls () utdallas edu>]

--On Thursday, August 11, 2005 3:12 PM -0400 Jeff Kell <jeff-kell () utc edu> 
wrote:

> Probably stoooopid question, but I can't hold back any longer:
>
> I'm starting to look into barnyard (number of sensors is growing, need to
> centralize reporting, moving toward sguil as a goal...) but I haven't
> been able to find a good quick overview of what it does.  I know it
> accepts unified alert files and can feed databases for later analysis,
> but specifically:
>
> * Is there a Barnyard "master" that sits on the database server,
> collecting alert files from all the sensors and loading into a database?
>
> * Is there a Barnyard "agent" that moves unified alerts from the sensor
> to the "master"?
>
> * Or does Barnyard just run on each sensor and writes back SQL to a
> common backend database server?
That depends on you.  Barnyard parses unified log files and submits the 
data to the db.  That means you can send the logs to the db server and run 
barnyard there or you can run barnyard on each sensor, parse the logs there 
and send the data to the db remotely.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users