Re: Barnyard2

[Jeremy Hoel <jthoel () gmail com>]

To use most web based tools you need to send the data from unified2 to a
mysql.. you use barnyard2 for that.  IF you want to use cli you can use
some tools to explore unified2 files, or you can use a SIEM tool that can
get the data via syslog or something.  You could also use sguil and it has
a whole other set of tools.

So really, it depends on how you want to view your data.

You might check out Security Onion as it has a few of these and can give
you some options.

On Sat, Jan 17, 2015 at 1:30 AM, Mike Michalak <mike () trail9 com> wrote:

> Ah ok, that is a good question.  I'm not quite sure, any suggestions?
>
> Regards,
>
> Mike Michalak
> M +219.921.9619
> O +708.320.8643
> Trail 9 | trail9.com
>
>
>
>
> On Fri, Jan 16, 2015 at 6:21 PM, Shirkdog <shirkdog () gmail com> wrote:
>
> > How do you plan on viewing alert data?
> >
> > Once you answer that question, you can look at how barnyard2 will help
> > you.
> >
> > ---
> > Michael Shirk
> >
> >
> > On Fri, Jan 16, 2015 at 9:29 AM, Mike Michalak <mike () trail9 com> wrote:
> > > I have installed Snort and I am in the testing phase.
> > >
> > > What are your thoughts on using Barnyard2 with snort?  Is it worth it
> > or not
> > > needed.
> > >
> > > I am running snort on a CentOS 6.5 box.
> > >
> > > Regards,
> > >
> > > Mike
> > ------------------------------------------------------------------------------
> > > New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> > > GigeNET is offering a free month of service with a new server in
> > Ashburn.
> > > Choose from 2 high performing configs, both with 100TB of bandwidth.
> > > Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> > > http://p.sf.net/sfu/gigenet
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest
> > Snort
> > > news!
>
>
>
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!