[Snort-users] Re: [Barnyard-users] Barnyard alert_fast and log_dump question ...
bamm.visscher at ...11827...
Mon Oct 4 18:50:33 EDT 2004
You have to run two instances of barnyard as it can't process two
unified filetypes at the same time. The only other option right now
would be to hack together a custom output plugin that read unified log
and outputed to both the db and an alert fast type output.
On Mon, 4 Oct 2004 17:00:05 -0600, Sam Evans <wintrmte at ...11827...> wrote:
> Sorry for the X-Post, but the barnyard-users list appears to be either
> dead, or incredibly inactive..
> Anyhow, I am hoping that someone here know the answer to my question..
> I am trying to log both the alert_fast and log_dump information. The
> problem I am running into is this...
> If I use the -f option (base file name) and specify the alert unified
> file, then it logs the alert_fast information to both syslog and plain
> text file (exactly as I want). What I don't get, is any of the packet
> dump information being logged to the database, or the packet.dump file
> (Which, this makes sense because the alert unified file contains just
> that, alert fast info).
> Now, if I tell -f to use the log unified file, then I get exaclty the
> opposite.. Nothing gets logged to Syslog, or the alert.fast plain
> text file. I do get my packet.dump plain text file as well as full
> packet information into the database. Ideally, I could live with this
> scenario if it would just log the alert fast information to Syslog....
> My question here is, how do I get both?
sguil - The Analyst Console for NSM
More information about the Snort-users