[Snort-users] barnyard-0.1.0beta4

bthaler at ...2720... bthaler at ...2720...
Fri Feb 22 07:01:17 EST 2002


If, by "There are probably a few quirks but it's the same format" you're referring to the incompatible database schemas in use, then yes, it's the same.

Demarc uses a different database structure than Acid.

The comments for the Acid output plugin in the barnyard.conf file state:
"Used to output data into the db schema used by ACID"

While I have not actually verified this, I assume it's referring to Acid's schema, and not some generic schema.  Because of this, the writes would fail, looking for tables such as "acid_event", etc.  These don't exist in a Demarc schema'd database, so, well, you get my point.

If, on the other hand, this output plugin writes to the generic snort tables present in both Acid and Demarc, then that's a different story.  Again, I'm going to assume that "Used to output data into the db schema used by ACID" means just that.  If this is not the case, then I suggest that someone either correct the comments in barnyard.conf, or rename the plugin.

Anyway, I'm just trying to verify where this plugin actually writes to (db tables) without having to install, configure and run it myself.

Thanks for your help.

Sincerely,

Brad T.

----- Original Message -----
From: "Chris Green" <cmg at ...671...>
To: <bthaler at ...2720...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Friday, February 22, 2002 9:37 AM
Subject: Re: [Snort-users] barnyard-0.1.0beta4


> <bthaler at ...2720...> writes:
>
> > Is there any support for Demarc in barnyard-01.10beta4?  I found an output
> > plugin for Acid, but nothing for Demarc.  Is this planned, or am I missing
> > something, or will Demarc not be supported at all?
>
> It's the same database format used by both.  There are probably a few
> quirks but it's the same format.
> --
> Chris Green <cmg at ...671...>
> To err is human, to moo bovine.
>




