[Snort-users] More than one output module
sekure at ...11827...
Thu Jul 15 12:26:10 EDT 2004
There is a barnyard-users mailing list, you can probably ask there.
But now that I think about it, i am not too sure that it has oracle
support. But there are other spool processors, like mudpit and FLoP,
that may support oracle.
On Thu, 15 Jul 2004 12:51:53 -0400, Esler, Joel - Contractor
<joel.esler at ...9426...> wrote:
> I just took a 4 second look at barnyard and oracle didn't pop out at me,
> does barnyard log to Oracle?
> -----Original Message-----
> From: sekure [mailto:sekure at ...11827...]
> Sent: Thursday, July 15, 2004 11:29 AM
> To: Esler, Joel - Contractor
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] More than one output module
> All things considered, database inserts (especially across a network)
> take a long time when compared to writing to a local file.
> Considering the fact that you are outputing to two different databases
> and also to syslog, i wouldn't be suprirsed if snort is struggling to
> keep up, depending on the rate of alerts.
> With your configuration have you thought about letting snort do what
> it's supposed to do -- sniff and analyze traffic, and configure barnyard
> to handle database logging and syslog. Just configure snort to log in
> unified format (very fast), and set barnyard up with multiple output
> I think you'll have much more luck in that configuration.
> ----- Original Message -----
> From: Esler, Joel - Contractor <joel.esler at ...9426...>
> Date: Thu, 15 Jul 2004 10:57:39 -0400
> Subject: [Snort-users] More than one output module
> To: snort-users at lists.sourceforge.net
> Has anyone experianced any problems with outputting to more than one
> output module? Is there a reason for it? Does the order matter?
> I have Snort logging to mysql, oracle, and syslog. But it seems when
> syslog is turned, occasionally an alert will be missed in the db?
More information about the Snort-users