[Snort-users] Mult snort instances and portscan logging

Stephen Shepherd drew600_1999 at ...131...
Fri Oct 26 08:44:13 EDT 2001


Just an idea here, but could not the DB plugin support from snort be ported
over to Barnyard?  It would be nice if the Snort DB plugin could be made
into a portable module that could be built into other apps off the shelf.
Tom Liston's Labrea could make use of this for logging into a snort DB.
Then Labrea activity could be viewable in ACID.  I am sure other utils could
benefit from this as well.

YOP

-----Original Message-----
From: natasha at ...1609... [mailto:natasha at ...1609...]On
Behalf Of Andrew R. Baker
Sent: Thursday, October 25, 2001 13:43
To: drew600_1999 at ...131...
Cc: Snort Users List (E-mail)
Subject: Re: [Snort-users] Mult snort instances and portscan logging



Comments inline.

> Stephen Shepherd wrote:
>
> Questions [about portscan logs]:
> Will barnyard collect this data together as well as Alert data?

Barnyard does not support reading the portscan logs at this time.  There
is work being done on an updated portscan detector that will output data
capable of being read by barnyard.

>
> BTW any idea when Barnyard will support Microsoft SQL?  I would be
> more than happy to help test that.  Implementing Barnyard is the next
> big step in my IDS project.

Postgres support is currently being worked on for the barnyard database
output plugin.  MS SQL support will be included in the future, but that
may take some time.

-A

