[Snort-users] Barnyard and Oracle

AWDELASH at ...7742... AWDELASH at ...7742...
Tue Dec 17 10:49:03 EST 2002


Is anyone working on implementing Oracle support in Barnyard?  If not, are
there plans for future support?  We would like to use Barnyard, but only
have Oracle in our environment.  I would be happy to offer any assistance I
can!

Off topic, has anyone run into problems reprocessing regular binary logs?
If I run snort for a set period of time, logging to an alert  file ( -A
full ) and to a binary file ( -b ).  I stop snort, reprocess my binary log
( -r ) and generate a new alert file ( -A full ) from the binary log.
If my understanding is correct, the two alert files should be identical.
Since the binary log is a packet capture of every alert generated by the
previous live run.  Not only will the two alert files completely differ...
when reprocessing the binary log snort will only alert on a fraction of
events if any at all!

Thanks!

Aaron DeLashmutt
Data Security
Union Pacific Railroad
Phone : (402) 271-4996
Email : awdelash at ...7740...







More information about the Snort-users mailing list