[Snort-devel] Snort and barnyard anomalies.
Andrew R. Baker
andrewb at ...835...
Thu Oct 31 19:29:01 EST 2002
John D. wrote:
> Is there anyone on this list familiar enough to help me find
> out how BarnYard uses the code in snort's "log.c" module. I'm
> doing some interesting experiments by doing just a little more
> than logging when I get a snort event. But for some reason,
> that piece of code that calls my routines is not getting called.
> Is it my understanding that Barnyard does its OWN logging, and
> in no way uses the "log.c" in the Snort release?
You are correct that Barnyard does not use log.c from Snort. All of
Barnyard's output systems use their own code. Is there anything in
particular that you are noticing that is different in the output from
Barnyard and Snort that you want addressed?
> Can someone shed some light on this? Or refer me to any other
> existing written information I can consult?
There is not much written documentation on how Barnyard works since I
have not been in a documentation writing mood for a while. But if you have
any questions, I should be able to answer them (with regards to Barnyard
that is) since I did write most of the code....