[Snort-users] leftover unified output files/barnyard operation
chris.paul at ...9441...
Tue Jun 17 00:50:15 EDT 2003
1. I start snort. (1 new snort.log and 1 new snort.alert created)
2. I start barnyard.
3. I stop snort.
4. I stop barnyard.
5. I start snort. (another new snort.log and another new snort.alert created)
6. I start barnyard.
Now what do I do with the first two unified snort output files? If I am using -w with barnyard, once barnyard has restarted, my understanding (from reading docs/USAGE) is that barnyard will pick up from the snort files created in (1) and then move on to the files created in (5).
This would mean that we are finished with the first two files...
...And I can delete the files created in step 1.
OS: OpenBSD 3.3-stable
Snort Version 2.0.0 (Build 72) (from OpenBSD ports)
Barnyard Version 0.1.0 (Build 17) (built from source)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
More information about the Snort-users