[Snort-users] More than one output module
Esler, Joel - Contractor
joel.esler at ...9426...
Thu Jul 15 09:54:16 EDT 2004
I just took a 4 second look at barnyard and oracle didn't pop out at me,
does barnyard log to Oracle?
From: sekure [mailto:sekure at ...11827...]
Sent: Thursday, July 15, 2004 11:29 AM
To: Esler, Joel - Contractor
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] More than one output module
All things considered, database inserts (especially across a network)
take a long time when compared to writing to a local file.
Considering the fact that you are outputting to two different databases
and also to syslog, I wouldn't be surprised if snort is struggling to
keep up, depending on the rate of alerts.
With your configuration have you thought about letting snort do what
it's supposed to do -- sniff and analyze traffic, and configure barnyard
to handle database logging and syslog? Just configure snort to log in
unified format (very fast), and set barnyard up with multiple output
I think you'll have much more luck in that configuration.
----- Original Message -----
From: Esler, Joel - Contractor <joel.esler at ...9426...>
Date: Thu, 15 Jul 2004 10:57:39 -0400
Subject: [Snort-users] More than one output module
To: snort-users at lists.sourceforge.net
Has anyone experienced any problems with outputting to more than one
output module? Is there a reason for it? Does the order matter?
I have Snort logging to mysql, oracle, and syslog. But it seems when
syslog is turned, occasionally an alert will be missed in the db?