Snort mailing list archives

Re: Barnyard2 alternatives?


From: Jaime Nebrera <jnebrera () redborder org>
Date: Thu, 06 Aug 2015 16:13:02 +0000

Hi Richard,

We have open sourced an extension to BY2 to output Unified2 messages into
Apache Kafka for high performance. Take a look at our GitHub repository:
www.github.com/redborder

As for an alternative to view those events, I would suggest the redBorder
project, of course, as part of it ;)

On Tue, 4 August 2015 14:54, Richard Monk <rmonk () redhat com>
wrote:

On 08/04/2015 08:43 AM, Doug Burks wrote:
Hi Richard,

Yes, we've also experienced performance issues when running multiple
barnyard2 instances connecting to the same database with the database
output plugin.  However, the barnyard2 output plugins for Sguil and
syslog seem to work well for us.  Have you considered replacing Snorby
with Sguil/Squert or some standard log collector like ELSA?

We took a look at Sguil/Squert and were unimpressed with the feature set
(in fact, we're slowly getting rid of Snorby for the same reason).  I'll
take a look again.

Right now, we like having the packet data that comes with "native" DB
storage, although we're spinning up full packet capture/Bro to offset
needing that as well.

ELSA/Splunk are on the table, but that would be a big change for us in
terms of our workflow (having somewhere to tag/comment/etc).

--
Richard Monk (rmonk () redhat com) - Security Analyst
Red Hat, Raleigh NC
GPG Key ID: 0x942CDB25


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
------------------------------------------------------------------------------
