[Snort-devel] Snort and barnyard anomalies.

Andrew R. Baker andrewb at ...835...
Thu Oct 31 19:29:01 EST 2002


John D. wrote:
> Is there anyone on this list familiar enough to help me find 
 > out how BarnYard uses the code in snort's "log.c" module.   I'm
 > doing some interesting experiments by doing just a little more
 > then logging when I get a snort event.  But for some reason,
 > that piece of code that calls my routines,  are not getting called.
> 
> Is it my understanding that Barnyard does it's OWN logging,  and 
 > in no way uses the "log.c" in the Snort release?

You are correct that Barnyard does not use log.c from Snort.  All of 
Barnyard's output systems use their own code.  Is there anything in 
particular that you are noticing that is different in the output from 
Barnyard and Snort that you want addressed?


> Can someone shed some light on this?   Or refer me to any other 
 > existing written information I can consult?

There is not much written documentation on how Barnyard works since I 
have not been a documentation writing mood for a while.  But if you have 
any questions, I should be able to answer them (with regards to Barnyard 
that is) since I did write most of the code....

-A





More information about the Snort-devel mailing list