[Snort-users] Quick Barnyard question...

Mihai Petre MPetre at ...13266...
Thu Aug 11 12:48:59 EDT 2005


On 08/11/2005 03:41:07 PM Paul Schmehl wrote:
>--On Thursday, August 11, 2005 3:12 PM -0400 Jeff Kell <jeff-kell at ...13420.....>
>wrote:
>
>> Probably stoooopid question, but I can't hold back any longer:
>>
>> I'm starting to look into barnyard (number of sensors is growing, need to
>> centralize reporting, moving toward sguil as a goal...) but I haven't
>> been able to find a good quick overview of what it does.  I know it
>> accepts unified alert files and can feed databases for later analysis,
>> but specifically:
>>
>> * Is there a Barnyard "master" that sits on the database server,
>> collecting alert files from all the sensors and loading into a database?
>>
>> * Is there a Barnyard "agent" that moves unified alerts from the sensor
>> to the "master"?
>>
>> * Or does Barnyard just run on each sensor and writes back SQL to a
>> common backend database server?
>>
>That depends on you.  Barnyard parses unified log files and submits the
>data to the db.  That means you can send the logs to the db server and run
>barnyard there or you can run barnyard on each sensor, parse the logs there
>and send the data to the db remotely.
>
>Paul Schmehl (pauls at ...6838...)
>Adjunct Information Security Officer
>University of Texas at Dallas
>AVIEN Founding Member
>http://www.utdallas.edu/ir/security/

Paul,

Two more questions:

* Is the sguil output part of the normal build, or does the source have to be
patched?
* Can the output be directed to different outputs at the same time? I mean,
is using mysql and sguil together "doable"?

This e-mail communication, including all attachments, may contain private,
proprietary, privileged and/or confidential information and is intended
only for the person to whom it is addressed. Any unauthorized use, copying
or distribution of the contents of this e-mail is strictly prohibited. If
you are not the intended recipient of this e-mail, and have received it in
error, please delete it and notify the sender immediately.
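Paul's answer above describes what Barnyard does: read the unified spool files Snort writes, submit the records to the database, and do that either on the db server (ship the files there) or on each sensor (submit remotely). The following is an added example written for this thread, not Barnyard's own code, that sketches that loop in Python. The record layout is a constructed, simplified fixed-size format (not Snort's real on-disk unified struct), the magic value, file names and `sensor_id` column are assumptions, and an in-memory sqlite table stands in for the MySQL backend. It shows the two things a practitioner tends to care about in either topology: a bookmark file that makes repeated passes idempotent, and a partial trailing record (sensor mid-write) being deferred rather than mis-parsed.

```python
import os
import sqlite3
import struct
import tempfile
from ipaddress import IPv4Address

# Constructed, simplified record layout for this example. It is NOT Snort's
# real unified on-disk struct; only the idea (fixed-size binary records that
# are consumed by byte offset) is the same.
HEADER = struct.Struct("<4sHH")         # magic, version major, version minor
RECORD = struct.Struct("<IIII4s4sHHB")  # gen, sid, rev, ts, sip, dip, sport, dport, proto
MAGIC = b"EXAM"                         # constructed magic value


def write_spool(path, records, append=False):
    """Stand-in for the sensor side: Snort appending alerts to a spool file."""
    mode = "ab" if append and os.path.exists(path) else "wb"
    with open(path, mode) as f:
        if mode == "wb":
            f.write(HEADER.pack(MAGIC, 1, 0))
        for gen, sid, rev, ts, sip, dip, sp, dp, proto in records:
            f.write(RECORD.pack(gen, sid, rev, ts, IPv4Address(sip).packed,
                                IPv4Address(dip).packed, sp, dp, proto))


def read_waldo(path):
    """Bookmark: byte offset up to which the spool has already been submitted."""
    try:
        with open(path) as f:
            return int(f.read().strip() or 0)
    except FileNotFoundError:
        return 0


def write_waldo(path, offset):
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(str(offset))
    os.replace(tmp, path)  # atomic rename: a crash never leaves a half-written bookmark


def read_new_alerts(spool_path, offset):
    """Return (alerts, new_offset) for the complete records after `offset`.
    A trailing partial record is left for the next pass."""
    with open(spool_path, "rb") as f:
        if offset == 0:
            magic, _major, _minor = HEADER.unpack(f.read(HEADER.size))
            if magic != MAGIC:
                raise ValueError("unrecognised spool file header")
            offset = HEADER.size
        f.seek(offset)
        data = f.read()
    usable = len(data) - len(data) % RECORD.size
    alerts = []
    for i in range(0, usable, RECORD.size):
        gen, sid, rev, ts, sip, dip, sp, dp, proto = RECORD.unpack_from(data, i)
        alerts.append((gen, sid, rev, ts, str(IPv4Address(sip)),
                       str(IPv4Address(dip)), sp, dp, proto))
    return alerts, offset + usable


def open_db():
    """sqlite in memory stands in for the central MySQL backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE event (sensor_id INTEGER, gen INTEGER, sid INTEGER,"
                 " rev INTEGER, ts INTEGER, sip TEXT, dip TEXT, sport INTEGER,"
                 " dport INTEGER, proto INTEGER)")
    return conn


def process_spool(spool_path, waldo_path, conn, sensor_id):
    """One Barnyard-style pass: resume at the bookmark, submit new rows, advance it.
    Same code whether it runs on the sensor or on the db server."""
    offset = read_waldo(waldo_path)
    alerts, new_offset = read_new_alerts(spool_path, offset)
    with conn:  # one transaction: all of this pass's rows land, or none do
        conn.executemany("INSERT INTO event VALUES (?,?,?,?,?,?,?,?,?,?)",
                         [(sensor_id,) + a for a in alerts])
    # Bookmark advances only after the commit: a crash in between replays this
    # pass (duplicate rows) instead of silently losing alerts.
    write_waldo(waldo_path, new_offset)
    return len(alerts)


def count_events(conn):
    return conn.execute("SELECT COUNT(*) FROM event").fetchone()[0]


def demo():
    """Constructed run-through; returns the per-pass row counts and the final total."""
    d = tempfile.mkdtemp()
    spool = os.path.join(d, "snort.alert")      # assumed file names
    waldo = os.path.join(d, "barnyard.waldo")
    conn = open_db()
    write_spool(spool, [(1, 2003, 5, 1123782000, "10.0.0.5", "192.0.2.10", 40000, 80, 6),
                        (1, 1256, 8, 1123782001, "10.0.0.7", "192.0.2.10", 40001, 443, 6)])
    first = process_spool(spool, waldo, conn, sensor_id=1)   # 2 new rows
    again = process_spool(spool, waldo, conn, sensor_id=1)   # 0: nothing past the bookmark
    write_spool(spool, [(1, 2003, 5, 1123782002, "10.0.0.9", "192.0.2.10", 40002, 80, 6)],
                append=True)
    third = process_spool(spool, waldo, conn, sensor_id=1)   # 1
    # Sensor caught mid-write: only part of a record is on disk yet.
    partial = RECORD.pack(1, 1256, 8, 1123782003, IPv4Address("10.0.0.11").packed,
                          IPv4Address("192.0.2.10").packed, 40003, 443, 6)
    with open(spool, "ab") as f:
        f.write(partial[:10])
    fourth = process_spool(spool, waldo, conn, sensor_id=1)  # 0: partial record deferred
    with open(spool, "ab") as f:
        f.write(partial[10:])
    fifth = process_spool(spool, waldo, conn, sensor_id=1)   # 1: now complete
    return first, again, third, fourth, fifth, count_events(conn)


if __name__ == "__main__":
    print(demo())
```

In the centralized layout Paul mentions (files shipped to the db server), each sensor gets its own spool directory, bookmark file and `sensor_id` on the collector; in the per-sensor layout the same loop runs locally with a remote db connection. The commit-then-bookmark order is the deliberate choice here: it trades occasional duplicate rows after a crash for never dropping an alert.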