[Snort-users] Quick Barnyard Question Newbie

Steve Knoch sknoch at ...7864...
Tue Jul 15 07:59:49 EDT 2003


Do I have to run 2 instances of barnyard to check both snort.alert and snort.log files? I am currently using two input processors, dp_log and dp_alert. I then have 2 acid_db output plugins to log both alerts and logs to my MySQL db. My startup script is:
barnyard -D -w /*/barn.waldo -c /*/barnyard.conf -d /*/snort -g /*/gen-msg.map -s /*/sid-msg.map.

Will this read both unified output files? Or did I miss a setting along the way? Is this the best way to do this?

Thanks in Advance,

