Snort mailing list archives
Re: Snortsam patch for 2.9.3.1
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Mon, 19 Nov 2012 13:14:12 -0600
The idea behind by2 is to offload the processing of data from snort. Snort writes binary files to the hard drive and then by2 processes those for whatever output format you want to use. With networks routinely using 10GB pipes now, a sniffer app doesn't need to be doing extra work. It's burdened enough just keeping up with the traffic flows. by2 can parse unified2 files, so both snort and sagan files can be read by by2.

--On November 19, 2012 12:50:51 PM -0500 waldo kitty <wkitty42 () windstream net> wrote:
> On 11/19/2012 12:34, Joel Esler wrote:
>> All output methods are available there. Leaving Snort to do its job as an IDS.
>
> i love bikinis! they're short and to the point ;) OB-) [/DOM]
>
> but seriously... other than analysis of the alert file and possibly looking at the packets saved in the snort.log.xxxxxxxxxx files, what benefits are there for these small systems? you still need some kind of "front end" right? can barnyard2 be added without losing or changing what is already available in the existing alert and snort.log.xxxxxxxxxx files? hopefully the answer is "yes" so that existing practice can still be used while BY2 is being incorporated and learned (based on the real benefits it may offer)...
>
>> Sent from my iPhone
>>
>> On Nov 19, 2012, at 12:28 PM, waldo kitty <wkitty42 () windstream net> wrote:
>>> On 11/19/2012 02:27, Robert Z wrote:
>>>> Yes, everyone should use barnyard2 when possible.
>>>
>>> besides shoveling the snort alerts off to a database, what other benefits does barnyard2 offer? especially for those small sites that do not want or need a database...
>>>
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users () lists sourceforge net
>>> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell
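
Added example, not part of the original thread or of barnyard2: a small Python reader for the spool model described in the message above, where Snort only appends binary unified2 records and a separate process decodes them. The record layout (8-byte big-endian type/length header, 52-byte legacy IPv4 event as record type 7, packet as type 2) is assumed from the Snort 2.9 unified2 format, and the sample spool bytes are constructed.

```python
import io
import socket
import struct

# Assumed unified2 layout: header = (type, length); type 7 body = IPv4 event.
HEADER = struct.Struct("!II")
EVENT_V4 = struct.Struct("!IIIIIIIII4s4sHHBBBB")  # 52 bytes
TYPE_PACKET, TYPE_EVENT_V4 = 2, 7


def read_records(stream):
    """Yield (type, body); stop cleanly at a record Snort is still writing."""
    while True:
        head = stream.read(HEADER.size)
        if len(head) < HEADER.size:
            return
        rtype, length = HEADER.unpack(head)
        body = stream.read(length)
        if len(body) < length:
            return
        yield rtype, body


def parse_events(stream):
    """Return one dict per IPv4 event record; other record types are skipped."""
    events = []
    for rtype, body in read_records(stream):
        if rtype != TYPE_EVENT_V4 or len(body) < EVENT_V4.size:
            continue
        f = EVENT_V4.unpack_from(body)
        events.append({
            "event_id": f[1], "time": f[2], "sid": f[4], "gid": f[5],
            "rev": f[6], "priority": f[8],
            "src": socket.inet_ntoa(f[9]), "dst": socket.inet_ntoa(f[10]),
            "sport": f[11], "dport": f[12], "proto": f[13],
        })
    return events


def build_sample():
    """Constructed spool: one event, one packet stub, one truncated event."""
    ev = EVENT_V4.pack(0, 1, 1353352452, 0, 2000001, 1, 3, 0, 2,
                       socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.7"), 40000, 80, 6, 0, 0, 0)
    pkt = b"\x00" * 28
    return (HEADER.pack(TYPE_EVENT_V4, len(ev)) + ev
            + HEADER.pack(TYPE_PACKET, len(pkt)) + pkt
            + HEADER.pack(TYPE_EVENT_V4, len(ev)) + ev[:20])


print(parse_events(io.BytesIO(build_sample())))
```

The truncated third record stands in for a spool file read while the sensor is mid-write; the reader stops there instead of decoding a partial event.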