Snort mailing list archives

Re: Snort and SQL database


From: Jeremy Hoel <jthoel () gmail com>
Date: Fri, 1 Feb 2013 23:51:59 +0000

No worries man..  I don't use pfsense so I'm not sure what it is they
are doing.. sorry.

Snort and barnyard questions.. no problem. hehe


On Fri, Feb 1, 2013 at 11:49 PM, Josh Bitto <jbitto () onlineschool ca> wrote:
Yes Jeremy you are...no offense :P

In pfSense you can install the snort package and one of the dependencies would be barnyard2, which it installs 
automatically. Everything is set up for you so you don't have to edit any config files on the firewall. Barnyard has 
an already made up schema that you can copy and paste into your SQL database. That's probably what I'm dealing with.



-----Original Message-----
From: Jeremy Hoel [mailto:jthoel () gmail com]
Sent: Friday, February 01, 2013 3:46 PM
To: Josh Bitto
Cc: Snort Users
Subject: Re: [Snort-users] Snort and SQL database

Well, assuming pfSense is a firewall and reporting on every block/pass/whatever of traffic.. that will look completely 
different than a snort alert, which only reports on traffic that hit against a rule; they are not the same thing.  You 
could have valid traffic all day long and never trigger an alert.. but the firewall logs might be busy logging all 
traffic.

But I could be missing the point of your question completely.



On Fri, Feb 1, 2013 at 11:22 PM, Josh Bitto <jbitto () onlineschool ca> wrote:
I have after a week of battling with this finally got everything going on snort and then using barnyard2 to send the 
alerts to mysql.....However, when I export the data from the sql database it doesn't look the same at all as the 
report in pfsense....

I used barnyard2's schema file to create the database and I'm not sure if that has something to do with it.


Any suggestions?
