[Snort-users] Barnyard and Multiple DB Connections

Steve Suppe suppe2 at ...12013...
Fri Sep 24 06:46:09 EDT 2004


My advice is to have two instances of Barnyard running, each logging to 
a separate database.  This involves having 2 waldo files (one for each), 
so it takes a little tuning but it certainly isn't difficult to do. 
Just point them at different files.  You can even have it all work in 
the Snort init script if you have them point to two different PID files, 
and kill them off by referring to each process by its PID.

On top of that, when I did this, I had a cron script that cleared the 
"alerts" database every month, while the "archive" database was never 
cleared, so it maintained all the packets it had ever seen.

Hope that was clear,

Steve

Jason Alexander wrote:
> Is it possible to have barnyard output to multiple databases at once? I 
> would like to have a database that everyone can look at and remove 
> alerts once they have been processed but would like to keep an archive 
> database of everything that was logged for reference.
> 
> Thanks
> Jason
> 
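
A sketch of the two-instance setup described in the reply above, added here as an example and not part of the original thread: each instance gets its own config, waldo file and PID file, and is stopped by the PID in its own file. The paths, instance names and per-instance config file names are assumptions, and the two config files are assumed to name different output databases.

```shell
#!/bin/sh
# Added example: two Barnyard instances, one per database, each with its own
# config, waldo (bookmark) file and PID file. All paths/names are assumptions.
BARNYARD="${BARNYARD:-barnyard}"
SPOOL_DIR="${SPOOL_DIR:-/var/log/snort}"   # where Snort writes unified files
SPOOL_BASE="${SPOOL_BASE:-snort.log}"      # unified filename base
CONF_DIR="${CONF_DIR:-/etc/snort}"
RUN_DIR="${RUN_DIR:-/var/run}"
INSTANCES="alerts archive"                 # one instance per database

# Per-instance files; each config is assumed to name a different database.
conf_file()  { echo "$CONF_DIR/barnyard-$1.conf"; }
waldo_file() { echo "$SPOOL_DIR/barnyard-$1.waldo"; }
pid_file()   { echo "$RUN_DIR/barnyard-$1.pid"; }

# Print the command line for one instance: daemon mode, own waldo and PID file.
barnyard_cmd() {
    echo "$BARNYARD -D -c $(conf_file "$1") -d $SPOOL_DIR -f $SPOOL_BASE" \
         "-w $(waldo_file "$1") -X $(pid_file "$1")"
}

start_all() {
    for i in $INSTANCES; do
        pf=$(pid_file "$i")
        # Skip an instance that is already running on this waldo file.
        if [ -f "$pf" ] && kill -0 "$(cat "$pf")" 2>/dev/null; then
            echo "barnyard-$i already running" >&2; continue
        fi
        # Relies on word splitting, so the paths must not contain spaces.
        $(barnyard_cmd "$i") || return 1
    done
}

# Stop one instance by the PID recorded in its own PID file.
stop_instance() {
    pf=$(pid_file "$1")
    [ -f "$pf" ] || return 1
    rc=0
    kill "$(cat "$pf")" 2>/dev/null || rc=$?
    rm -f "$pf"
    return "$rc"
}

stop_all() { for i in $INSTANCES; do stop_instance "$i" || true; done; }

case "${1:-}" in
    start) start_all ;;
    stop)  stop_all ;;
esac
```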
