[Snort-users] barnyard to db
cmg at ...671...
Thu Oct 4 09:17:02 EDT 2001
"Frank Reid" <fcreid at ...691...> writes:
> I'm confused on barnyard. From mailing list discussion and docs, I
> presume it rolls up the Snort binary output and performs the database
> insertions directly (rather than having Snort insert "real-time" into
> the database via the output preprocessor).
Right. It means the postprocessing of the alert is separated from the
> If that's correct, then is it of most value if Snort and the
> database live on the same box?
> In a distributed Snort sensor environment, one would have to
> "collect" the Snort output by some other means, then have barnyard
> read it into the database?
Right or write a barnyard plugin that sends the files over the
network. Think of snort + barnyard as "portable threads".
Snort does the logging. Barnyard sends the alerts that one can then
process in whatever way they please while handling bursty traffic.
Chris Green <cmg at ...671...>
You now have 14 minutes to reach minimum safe distance.
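The split Chris describes above, Snort appending alerts to a binary spool file and barnyard reading that file later and doing the database work, as an added example that is not part of the original thread and is not barnyard's own code. The record layout, the file names snort.alert and barnyard.waldo, the table schema and the use of SQLite are assumptions made for illustration; a real reader decodes Snort's unified format instead. What it shows is the two properties a practitioner relies on with this design: the reader stops at a truncated record that the sensor is still writing, and it bookmarks its position only after each committed batch, so a restart or a replayed spool neither loses nor duplicates alerts.

```python
import sqlite3
import struct
import tempfile
from pathlib import Path

# Constructed fixed-size record layout for this example (NOT Snort's
# unified alert format): event_id, sig_id, unix_ts, src_ip, dst_ip as
# big-endian 32-bit fields, 20 bytes per record.
RECORD = struct.Struct(">IIIII")


def write_alerts(spool: Path, records) -> None:
    """Sensor side (Snort's role): append binary records to the spool file."""
    with spool.open("ab") as f:
        for rec in records:
            f.write(RECORD.pack(*rec))


def read_bookmark(bookmark: Path) -> int:
    """Byte offset just past the last record already committed (0 if none)."""
    if not bookmark.exists():
        return 0
    return int(bookmark.read_text().strip() or "0")


def write_bookmark(bookmark: Path, offset: int) -> None:
    """Temp file + rename, so a crash never leaves a half-written bookmark."""
    tmp = bookmark.with_name(bookmark.name + ".tmp")
    tmp.write_text(str(offset))
    tmp.replace(bookmark)


def init_db(conn: sqlite3.Connection) -> None:
    # (sensor_id, event_id) as the primary key: re-reading a spool after a
    # crash between commit and bookmark update cannot create duplicate rows.
    conn.execute(
        "CREATE TABLE IF NOT EXISTS event ("
        " sensor_id INTEGER, event_id INTEGER, sig_id INTEGER,"
        " ts INTEGER, src_ip INTEGER, dst_ip INTEGER,"
        " PRIMARY KEY (sensor_id, event_id))"
    )


def row_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM event").fetchone()[0]


def process_spool(spool: Path, bookmark: Path, conn: sqlite3.Connection,
                  sensor_id: int, batch: int = 100) -> int:
    """Collector side (barnyard's role): read every complete record appended
    since the bookmark, insert in batches, and advance the bookmark only after
    each commit. Returns the number of new rows stored."""
    before = row_count(conn)
    offset = read_bookmark(bookmark)
    with spool.open("rb") as f:
        f.seek(offset)
        while True:
            rows = []
            for _ in range(batch):
                buf = f.read(RECORD.size)
                if len(buf) < RECORD.size:
                    break  # end of file or truncated tail: sensor still writing
                rows.append((sensor_id,) + RECORD.unpack(buf))
            if not rows:
                break
            conn.executemany(
                "INSERT OR IGNORE INTO event VALUES (?,?,?,?,?,?)", rows)
            conn.commit()
            offset += len(rows) * RECORD.size  # only whole records count
            write_bookmark(bookmark, offset)
    return row_count(conn) - before


def run_demo() -> tuple:
    """Burst, partial write, idle run, then a replay with the bookmark gone.
    Returns (inserted on run 1, run 2, run 3, replay, total rows)."""
    with tempfile.TemporaryDirectory() as d:
        work = Path(d)
        spool, bookmark = work / "snort.alert", work / "barnyard.waldo"
        conn = sqlite3.connect(":memory:")
        init_db(conn)
        # Constructed alerts: (event_id, sig_id, ts, src 10.0.0.1, dst 10.0.0.2)
        write_alerts(spool, [(i, 1000000 + i, 1002000000 + i, 0x0A000001, 0x0A000002)
                             for i in range(1, 4)])
        first = process_spool(spool, bookmark, conn, sensor_id=1, batch=2)
        # Sensor appends two more, then is caught mid-write of a sixth record.
        write_alerts(spool, [(4, 1000004, 1002000004, 0x0A000001, 0x0A000003),
                             (5, 1000005, 1002000005, 0x0A000001, 0x0A000003)])
        with spool.open("ab") as f:
            f.write(b"\x00\x00\x00\x06")  # 4 of the 20 bytes of record 6
        second = process_spool(spool, bookmark, conn, sensor_id=1, batch=2)
        third = process_spool(spool, bookmark, conn, sensor_id=1, batch=2)
        bookmark.unlink()  # lost bookmark: whole spool is re-read, nothing duplicated
        replay = process_spool(spool, bookmark, conn, sensor_id=1, batch=2)
        return first, second, third, replay, row_count(conn)


if __name__ == "__main__":
    print(run_demo())
```

In the distributed case Frank asks about, the spool file is the only thing that has to leave the sensor; it can be copied to the collector by any means, and the reader runs there against the central database while the sensor keeps writing at line rate.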