[Snort-users] Quick Barnyard Question Newbie
sknoch at ...7864...
Tue Jul 15 10:35:14 EDT 2003
I tried running two separate instance of barnyard using the following switch barnyard -D -w /*/barn.waldo
-c /*/barnyard.conf -d /*/snort -g /*/gen-msg.map -s /*/sid-msg.map -f snort.alert and barnyard -D -w /*/barn2.waldo
-c /*/barnyard.conf -d /*/snort -g /*/gen-msg.map -s /*/sid-msg.map -f snort.log. When I loaded the second instance of barnyard the first one stopped. Is there something special I have to add to the command line to run 2 barnyards?
>>> "Scott Renna" <srenna at ...9588...> 07/15/03 11:20AM >>>
I believe this is a similar question to the one I had as well. I am
running two instances of barnyard one for the alerts and one for logs.
List members have told me that this is the only way to currently process
both types of information.
Hope that helps.
Head Systems Administrator
Dynamic Animation Systems
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Steve
Sent: Tuesday, July 15, 2003 11:01 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Quick Barnyard Question Newbie
Do I have to run 2 instances of barnyard to check both snort.alert and
snort.log files? I am currently using two input processor dp_log and
dp_alert. I then have 2 acid_db output plugins to log both alerts and
logs to my MySQL db. My startup script is Scott,.
Will this read both unified output files? or did I miss a setting along
the way? Is this the best way to do this?
Thanks in Advance,
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list
More information about the Snort-users