[Snort-users] Quick Barnyard Question Newbie

Steve Knoch sknoch at ...7864...
Tue Jul 15 10:35:14 EDT 2003


Scott,

I tried running two separate instance of barnyard using the following switch barnyard -D -w /*/barn.waldo
-c /*/barnyard.conf -d /*/snort -g /*/gen-msg.map -s /*/sid-msg.map -f snort.alert and barnyard -D -w /*/barn2.waldo
-c /*/barnyard.conf -d /*/snort -g /*/gen-msg.map -s /*/sid-msg.map -f snort.log. When I loaded the second instance of barnyard the first one stopped. Is there something special I have to add to the command line to run 2 barnyards?

Steve

>>> "Scott Renna" <srenna at ...9588...> 07/15/03 11:20AM >>>
Steve,

I believe this is a similar question to the one I had as well.  I am
running two instances of barnyard one for the alerts and one for logs.
List members have told me that this is the only way to currently process
both types of information.

Hope that helps.

Scott 

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

*************************** 

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net 
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Steve
Knoch
Sent: Tuesday, July 15, 2003 11:01 AM
To: snort-users at lists.sourceforge.net 
Subject: [Snort-users] Quick Barnyard Question Newbie


Hello,

Do I have to run 2 instances of barnyard to check both snort.alert and
snort.log files? I am currently using two input processor dp_log and
dp_alert. I then have 2 acid_db output plugins to log both alerts and
logs to my MySQL db. My startup script is Scott,.

Will this read both unified output files? or did I miss a setting along
the way?  Is this the best way to do this?


Thanks in Advance,

Steve



-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps1 
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list 






More information about the Snort-users mailing list