Re: Barnyard2 alternatives?

[Jim Hranicky <jfh () ufl edu>]

On 08/04/2015 08:25 AM, Richard Monk wrote:
> Hi folks!
>
> TL;DR: Barnyard2 takes forever to start and I have a hundred instances that need
> to start on a system.  Pigsty doesn't work, are there alternates?
[...]
> If you know of something that works but doesn't write to the snort DB schema,
> I'm OK with that as we have some internal tools that we are using that are
> slowly replacing Snorby.  Is there a patchset to barnyard2 maybe that does
> multiple sensors at once, or improves startup time?

I created a patch that disables the reference table. There's already a 
directive to disable the sig_reference table (we don't really use
either). You should be able to specify both like so after you install 
the patch. 

 output database: log, mysql, user=user dbname=snortdb host=localhost \
 disable_signature_reference_table=1 disable_reference_table=1

Barnyard starts up much quicker this way, within a couple of minutes. 

--
Jim Hranicky
Data Security Specialist
UF Information Technology
Information Security Office

Attachment: by2-disable-ref-table-patch.txt
Description:

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!