[Snort-users] barnyard question?

Omolayo Salako OSalako at ...5295...
Wed May 8 10:57:25 EDT 2002


I have got barnyard working, well, so I thought. I am running it in daemon
mode and it reads a unified alert file created by snort. When the file is
not in my /var/log/snort directory, barnyard exits with a no file to read
error. The readme file says you can run it in continuous mode, where it
continuously runs whether the file is there or not, but it does not specify
how. How does snort read the conf file? If it reads it sequentially, I
suppose you will have to comment out the database option and uncomment the
logging and alerting options, because if both are uncommented in snort.conf,
snort will log to both the database and the alert file it creates, which we
don't want. In barnyard.conf it specifies the database schema for acid. Since
the schema pertains to the database and not the frontend, I believe this
should work for demarc also. My questions are: how do I run barnyard in
continuous mode w/o checkpoint so that it does not exit if there is no alert
file, and has anyone done this before with acid or demarc? Suggestions would
be greatly appreciated.



