[Snort-users] barnyard to db

Erek Adams erek at ...577...
Thu Oct 4 09:06:04 EDT 2001


On Thu, 4 Oct 2001, Frank Reid wrote:

> I'm confused on barnyard.  From mailing list discussion and docs, I
> presume it rolls up the Snort binary output and performs the database
> insertions directly (rather than having Snort insert "real-time" into
> the database via the output preprocessor).  Is that's correct, then is
> it of most value if Snort and the database live on the same box?  In a
> distributed Snort sensor environment, one would have to "collect" the
> Snort output by some other means, then have barnyard read it into the
> database?

Actaully Barnyard sorta 'hangs out' waiting on snort to drop something into
the unified logs.  Once it gets it, it proceeds to output it in whatever way
you use.  It's a seperate program that handles the output.  Snort just writes
to the unifed log, and barnyard takes it from there.  Not 'real-time' but
pretty damned close. :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list