[Snort-users] reboot the DB

Erek Adams erek at ...950...
Mon Jul 7 16:46:15 EDT 2003

On Mon, 7 Jul 2003, Bryan Irvine wrote:

> So I should redo the setup and have snort log to this barnyard something
> or other instead of postgres, and barnyard will take care of logging to
> postgres so acid can still see the alerts?  I got the order right?

There's not much to really "redo".  Build and install Barnyard, change
your output plugin from DB to unified, configure Barnyard to look at the
right files and DB, and start up BY and Snort.  Snort sends the
alerts to the unified log file, BY then reads the file from disk and sends
the data to the DB.  If network drops or if the DB doesn't respond, BY
simply waits until it becomes active before starting to send the alerts

One thing you might want to check on is how well BY works with Postgres.
I'm pretty sure it works, but something in the back of my mind make me
think there was an issue.  I can't recall if that's the case or not.  You
can check the archives here [0].

Anyone have any experience in using Barnyard and Snort with Postgres?


Erek Adams

[0]	http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2

