[Snort-users] Re: [Barnyard-users] Barnyard alert_fast and log_dump question ...
wintrmte at ...11827...
Mon Oct 4 20:12:27 EDT 2004
Thanks for the reply.
Do you know if this type of functionality will be added into future
updates of Barnyard? I could probably hack something together, but
would rather have something more official as my C skills are quite
On Mon, 4 Oct 2004 19:47:47 -0500, Bamm Visscher
<bamm.visscher at ...11827...> wrote:
> You have to run two instances of barnyard as it can't process two
> unified file types at the same time. The only other option right now
> would be to hack together a custom output plugin that read unified log
> and outputted to both the db and an alert fast type output.
> On Mon, 4 Oct 2004 17:00:05 -0600, Sam Evans <wintrmte at ...11827...> wrote:
> > Sorry for the X-Post, but the barnyard-users list appears to be either
> > dead, or incredibly inactive..
> > Anyhow, I am hoping that someone here knows the answer to my question..
> > I am trying to log both the alert_fast and log_dump information. The
> > problem I am running into is this...
> > If I use the -f option (base file name) and specify the alert unified
> > file, then it logs the alert_fast information to both syslog and plain
> > text file (exactly as I want). What I don't get, is any of the packet
> > dump information being logged to the database, or the packet.dump file
> > (which makes sense, because the alert unified file contains just
> > that, alert fast info).
> > Now, if I tell -f to use the log unified file, then I get exactly the
> > opposite.. Nothing gets logged to Syslog, or the alert.fast plain
> > text file. I do get my packet.dump plain text file as well as full
> > packet information into the database. Ideally, I could live with this
> > scenario if it would just log the alert fast information to Syslog....
> > My question here is, how do I get both?
> > Thanks,
> > Sam
> sguil - The Analyst Console for NSM
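The two-instance setup Bamm describes, written out as an added example (this is not code from the thread, from Sam, or from the Barnyard project). One instance reads the alert unified file with the dp_alert processor and feeds alert_fast plus syslog; a second reads the log unified file with the dp_log processor and feeds log_dump plus the database. The directive and flag names (processor dp_alert / dp_log, output alert_fast, alert_syslog, log_dump, log_acid_db; -c, -d, -f, -w, -D) are as I recall them from barnyard 0.2 and should be checked against your copy's README and `barnyard -h`; the paths and database settings are placeholders. The one thing that bites people here is the waldo bookmark file: each instance must get its own, or the two processes overwrite each other's position in the spool.

```shell
#!/bin/sh
# Added example: generate one barnyard config per unified file type and print
# the matching launch lines. Directive/flag names are as remembered from
# barnyard 0.2 (assumption); SPOOL, the DB settings and file names are
# placeholders (assumptions) that you would replace with your own.

SPOOL=/var/log/snort   # where snort writes snort.alert.* and snort.log.*

# write_conf CONF KIND -- write a config for one instance.
# KIND is "alert" (reads snort.alert.*) or "log" (reads snort.log.*).
write_conf() {
    conf="$1"; kind="$2"
    {
        echo "config localtime"
        case "$kind" in
        alert)
            # The unified alert file holds alert records only, so this
            # instance carries the fast-style outputs (file + syslog).
            echo "processor dp_alert"
            echo "output alert_fast: $SPOOL/alert.fast"
            echo "output alert_syslog: LOG_AUTH LOG_INFO"
            ;;
        log)
            # The unified log file holds full packets, so this instance
            # carries the packet dump and the database output.
            echo "processor dp_log"
            echo "output log_dump: $SPOOL/packet.dump"
            echo "output log_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password changeme, detail full"
            ;;
        *)
            echo "write_conf: unknown kind '$kind' (want alert or log)" >&2
            return 1
            ;;
        esac
    } > "$conf"
}

# launch_cmd KIND -- print the command line for one instance. The -f base
# name selects which unified file it follows, and -w gives each instance its
# own waldo bookmark so the two never clobber each other's read position.
launch_cmd() {
    kind="$1"
    echo "barnyard -D -c $SPOOL/barnyard-$kind.conf -d $SPOOL -f snort.$kind -w $SPOOL/waldo.$kind"
}

# generate_all -- write both configs under $SPOOL and print both launch lines.
generate_all() {
    for kind in alert log; do
        write_conf "$SPOOL/barnyard-$kind.conf" "$kind" || return 1
        launch_cmd "$kind"
    done
}
```

Source the script, set SPOOL to your spool directory, and run `generate_all`; it writes barnyard-alert.conf and barnyard-log.conf there and prints the two commands to start. Anything that only needs alerts (syslog, the fast file) belongs in the alert instance's config, and anything that needs the packet (log_dump, the database) in the log instance's; keeping the output lines split this way is what gives both outputs at once.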