[Snort-users] Quick Barnyard question...

Jeff Kell jeff-kell at ...6282...
Thu Aug 11 12:16:15 EDT 2005


Probably stoooopid question, but I can't hold back any longer:

I'm starting to look into barnyard (number of sensors is growing, need to centralize reporting, moving toward sguil as a goal...) but I haven't been able to find a good quick overview of what it does.  I know it accepts unified alert files and can feed databases for later analysis, but specifically:

* Is there a Barnyard "master" that sits on the database server, collecting alert files from all the sensors and loading into a database?

* Is there a Barnyard "agent" that moves unified alerts from the sensor to the "master"?

* Or does Barnyard just run on each sensor and write back SQL to a common backend database server?

Jeff




