Re: Barnyard2 alternatives?

[Richard Monk <rmonk () redhat com>]

On 08/04/2015 08:43 AM, Doug Burks wrote:
> Hi Richard,
>
> Yes, we've also experienced performance issues when running multiple
> barnyard2 instances connecting to the same database with the database
> output plugin.  However, the barnyard2 output plugins for Sguil and
> syslog seem to work well for us.  Have you considered replacing Snorby
> with Sguil/Squert or some standard log collector like ELSA?

We took a look at Sguil/Squert and were unimpressed with the feature set (in
fact, we're slowly getting rid of snorby for the same reason).  I'll take a look
again.

Right now, we like having the packet data that comes with "native" DB storage,
although we're spinning up full packet capture/Bro to offset needing that as well.

ELSA/Splunk are on the table, but that would be a big change for us in terms of
our workflow (having somewhere to tag/comment/etc)

-- 
Richard Monk (rmonk () redhat com) - Security Analyst
Red Hat, Raleigh NC
GPG Key ID: 0x942CDB25

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!