[Snort-users] Barnyard vs. Mudpit

jonasb at ...7872... jonasb at ...7872...
Wed Apr 21 07:44:05 EDT 2004


Hi All -

I've been reading through the list archives to learn more about my
output options, but haven't found a definitive answer yet. I've set up
Barnyard to output to a remote MySQL server from my Snort sensor.
Everything works fine, although I am a bit concerned about the duplicate
entry issue w/ alert rules. So, I figured, why not try Mudpit. I've read
however that some people weren't really able to capture sessions using
stream processing and tag rules. I'd like to be able to have that
functionality - has anyone been able to get this to work with Mudpit? If
not, can you think of any other options?

Also - on my db server, I'm running syslog with swatch on the back-end
and would like close to RT email alerting functionality for alerts. I
know that Barnyard can output to syslog, but what about Mudpit - if so,
which output plugin would I use?

Thanks!
B 