[Snort-users] Quick Barnyard question...

Paul Schmehl pauls at ...6838...
Thu Aug 11 12:42:50 EDT 2005


--On Thursday, August 11, 2005 3:12 PM -0400 Jeff Kell <jeff-kell at ...6282...> wrote:

> Probably stoooopid question, but I can't hold back any longer:
>
> I'm starting to look into barnyard (number of sensors is growing, need to
> centralize reporting, moving toward sguil as a goal...) but I haven't
> been able to find a good quick overview of what it does.  I know it
> accepts unified alert files and can feed databases for later analysis,
> but specifically:
>
> * Is there a Barnyard "master" that sits on the database server,
> collecting alert files from all the sensors and loading into a database?
>
> * Is there a Barnyard "agent" that moves unified alerts from the sensor
> to the "master"?
>
> * Or does Barnyard just run on each sensor and write back SQL to a
> common backend database server?
>
That depends on you.  Barnyard parses unified log files and submits the 
data to the db.  That means you can send the logs to the db server and run 
barnyard there or you can run barnyard on each sensor, parse the logs there 
and send the data to the db remotely.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
