[Snort-users] Mult snort instances and portscan logging

Stephen Shepherd drew600_1999 at ...131...
Thu Oct 25 11:06:09 EDT 2001


I am running 3 instances of Snort(under Win2k) and I would like to
consolidate the portscan logs. Since ACID will only let me reference one
file for Portscan data I would like to have the portscan logs combined.  I
assume it would not be wise to write to the same log from all three
instances. 
 
Questions:
Will barnyard collect this data together as well as Alert data? 
Could I just concatenate them and reference the combined file in ACID, or do
the entries need to be in chronological order?
 
BTW any idea when Barnyard will support Microsoft SQL?  I would be more than
happy to help test that.  Implementing Barnyard is the next big step in my
IDS project.
 
Thanks in advance.
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011025/965d351a/attachment.html>


More information about the Snort-users mailing list