[Snort-users] Spool Processors

Gary_Portnoy at ...11307... Gary_Portnoy at ...11307...
Thu Apr 1 06:43:07 EST 2004


I am considering using the unified logging output plugin for snort with a 
spool processor to dump the alerts/logs to MySQL.  As I see it I have 3 
options: Barnyard, Mudpit and Flop.  Flop is out since I don't believe it 
actually reads unified logs, but more importantly it can't support more 
than one snort instance per machine, according to the documentation. 

Can somebody with experience compare and contrast Barnyard and Mudpit? 
What are the major differences?  Why would I pick one over the other?  Is 
one more complete than the other?  Etc, etc, etc.

-------------------------------------------
Gary Portnoy