Snort mailing list archives
Re: BASE sensor name
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 1 Aug 2011 11:34:45 -0400
On Aug 1, 2011, at 11:26 AM, beenph wrote:
> On Mon, Aug 1, 2011 at 11:18 AM, Lay, James <james.lay () wincofoods com> wrote:
>> That -F didn’t make a difference, bummer but eh..I’ll deal with it. As for db logging, I’m trying to get the best of both worlds…direct to db via snort for BASE, and using barnyard2 for sguil…maybe not the best way, but eh…I want to have a couple frontends to work with for reporting and whatnot. Thanks gents.
>
> You should use db logging from BY2, James, since you can have logging from two output plugins, it would be more efficient for the ole process to have both output plugins configured there and I think you wouldn't have that problem with the sensor name.
I agree.

http://blog.snort.org/2011/06/snorts-output-methods.html

Joel