Re: Snortsam patch for 2.9.3.1

[Jeremy Hoel <jthoel () gmail com>]

And the answer to your question is yes.  You can still leave the snort.conf
output to write to the text alert files and also add the unified2 file and
let barnyard2 work on that and migrate over to a new front end over time.
On Nov 19, 2012 9:53 AM, "waldo kitty" <wkitty42 () windstream net> wrote:

> On 11/19/2012 12:34, Joel Esler wrote:
> > All output methods are available there.  Leaving Snort to do its job as
> an IDS.
>
> i love bikinis! they're short and to the point ;) OB-) [/DOM]
>
>
> but seriously... other than analysis of the alert file and possibly
> looking at
> the packets saved in the snort.log.xxxxxxxxxx files, what benefits are
> there for
> these small systems?
>
> you still need some kind of "front end" right?
>
> can barnyard2 be added without loosing or changing what is already
> available in
> the existing alert and snort.log.xxxxxxxxxx files? hopefully the answer is
> "yes"
> so that existing practice can still be used while BY2 is being
> incorporated and
> learned (based on the real benefits it may offer)...
>
> > Sent from my iPhone
> >
> > On Nov 19, 2012, at 12:28 PM, waldo kitty<wkitty42 () windstream net>
>  wrote:
> > > On 11/19/2012 02:27, Robert Z wrote:
> > > > Yes, everyone should use barnyard2 when possible.
> > >
> > > besides shoveling the snort alerts off to a database, what other
> benefits does
> > > barnyard2 offer? especially for those small sites that do not or want
> need a
> > > database...
>
>
>
>
> ------------------------------------------------------------------------------
> Monitor your physical, virtual and cloud infrastructure from a single
> web console. Get in-depth insight into apps, servers, databases, vmware,
> SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> Pricing starts from $795 for 25 servers or applications!
> http://p.sf.net/sfu/zoho_dev2dev_nov
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!