[Snort-users] barnyard to db

Frank Reid fcreid at ...691...
Thu Oct 4 08:59:02 EDT 2001


I'm confused on barnyard.  From mailing list discussion and docs, I
presume it rolls up the Snort binary output and performs the database
insertions directly (rather than having Snort insert "real-time" into
the database via the output preprocessor).  If that's correct, then is
it of most value if Snort and the database live on the same box?  In a
distributed Snort sensor environment, one would have to "collect" the
Snort output by some other means, then have barnyard read it into the
database?

Frank





