[Snort-users] Quick Barnyard Question Newbie

Scott Renna srenna at ...9588...
Tue Jul 15 08:21:07 EDT 2003


I believe this is a similar question to the one I had as well.  I am
running two instances of barnyard one for the alerts and one for logs.
List members have told me that this is the only way to currently process
both types of information.

Hope that helps.


Scott Renna
Head Systems Administrator
Dynamic Animation Systems


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Steve
Sent: Tuesday, July 15, 2003 11:01 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Quick Barnyard Question Newbie


Do I have to run 2 instances of barnyard to check both snort.alert and
snort.log files? I am currently using two input processor dp_log and
dp_alert. I then have 2 acid_db output plugins to log both alerts and
logs to my MySQL db. My startup script is barnyard -D -w /*/barn.waldo
-c /*/barnyard.conf -d /*/snort -g /*/gen-msg.map -s /*/sid-msg.map.

Will this read both unified output files? or did I miss a setting along
the way?  Is this the best way to do this?

Thanks in Advance,


This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list

More information about the Snort-users mailing list