[Snort-users] Barnyard and Multiple DB Connections
suppe2 at ...12013...
Fri Sep 24 06:46:09 EDT 2004
My advice is to have two instances of Barnyard running, each logging to
a separate database. The involves having 2 waldo files (one for each),
so it takes a little tuning but it certainly isn't difficult to do.
Just point them at different files. You can even have it all work in
the Snort init script if you have them point to two different PID files,
and kill them off by referring to each process by it's PID.
On top of that, when I did this, I had a cron script that cleared the
"alerts" database every month, while the "archive" database was never
cleared, so it maintained all the packets it had ever seen.
Hope that was clear,
Jason Alexander wrote:
> Is is possible to have barnyard output to multiple databases at once. I
> would like to have a database that everyone can look at and remove
> alerts once they have been process but would like to keep an archive
> database of everything that was logged for reference.
> This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
> Project Admins to receive an Apple iPod Mini FREE for your judgement on
> who ports your project to Linux PPC the best. Sponsored by IBM.
> Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users