[Snort-users] unified format
ivb at ...13431...
Thu Aug 18 23:52:16 EDT 2005
I have several questions regarding the unified log format.
1. In the archive of this mailing list I read that the unified alert file
contains only alert information, and the unified log file contains both
alerts and the corresponding payloads. But the documentation says differently:
the unified log contains only the payload, and I confirmed this by some
2. I need to log detailed info about alerts to a DB. I set up snort to
write unified alert and log files, and need some mechanism to store
this info in the DB.
3. Writing to the DB from snort itself is not a good solution, so I want to use
barnyard. But I can't get _all_ the information from the unified logs! I
can't set up barnyard to process both the alert and log files, and I
can't run two copies of barnyard to process the two files (alert and
log). When I run only one copy of barnyard to process the log, I don't
receive events in the DB at all! When I run barnyard to process the alert,
I receive alert events in the DB, but I don't receive the payload of this
So, I need some help setting up snort+barnyard to put detailed info
about alerts in the DB.
Igor mailto:ivb at ...13431...
P.S. Excuse my poor English, please...
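The two spool files the post describes, as an added example that is not part of the original thread and is not Snort or barnyard code: a small Python reader for both unified record types (alert records carry the metadata, log records carry the packet) that joins them on event id and loads both into a database, with sqlite3 standing in for the MySQL/Postgres target barnyard would use. The record layout is my assumption from Snort 2.x's spo_unified.c for a 32-bit little-endian sensor; SAMPLE_PKT, build_sample_spool() and the two-table layout are constructed for the example only.

```python
"""Read Snort 2.x unified alert and unified log spool files, join each alert
to the packet captured for it, and load both into a DB.  Added example, not
Snort or barnyard code; sqlite3 stands in for barnyard's MySQL/Postgres."""
import sqlite3
import struct
from datetime import datetime, timezone
from socket import inet_aton, inet_ntoa

# Assumed layout: Snort 2.x unified format as written by a 32-bit, little-endian
# sensor (struct timeval = two 32-bit words).  Snort writes these structs in host
# byte order, so a 64-bit or big-endian sensor changes the field widths; check
# spo_unified.c for your build before relying on these formats.
ALERT_MAGIC = 0xDEAD4137
LOG_MAGIC = 0xDEAD1080
EVENT_FMT = "9I"  # sig_gen, sig_id, sig_rev, class, prio, event_id, event_ref, ref_sec, ref_usec
ALERT_FILE_HDR = struct.Struct("<4I")  # magic, ver_major, ver_minor, timezone
ALERT_REC = struct.Struct("<" + EVENT_FMT + "2I2I2H2I")  # + ts, sip, dip, sp, dp, proto, flags
LOG_FILE_HDR = struct.Struct("<7I")  # magic, flags, ver_major, ver_minor, tz, snaplen, linktype
LOG_REC = struct.Struct("<" + EVENT_FMT + "I4I")  # + flags, pcap_pkthdr(sec, usec, caplen, len)
EVENT_KEYS = ("sig_gen", "sig_id", "sig_rev", "classification", "priority",
              "event_id", "event_ref", "ref_sec", "ref_usec")


def _ip(word):
    # Snort stores the address bytes as they sit in the IP header; repacking with
    # the same byte order we unpacked with restores them.
    return inet_ntoa(struct.pack("<I", word))


def parse_alert_file(buf):
    """One dict per UnifiedAlert record: alert metadata, no packet."""
    if ALERT_FILE_HDR.unpack_from(buf, 0)[0] != ALERT_MAGIC:
        raise ValueError("not a unified alert file")
    out, off = [], ALERT_FILE_HDR.size
    while off + ALERT_REC.size <= len(buf):  # a short tail = record still being written
        f = ALERT_REC.unpack_from(buf, off)
        ev = dict(zip(EVENT_KEYS, f[:9]), ts_sec=f[9], ts_usec=f[10], src=_ip(f[11]),
                  dst=_ip(f[12]), sport=f[13], dport=f[14], proto=f[15], flags=f[16])
        out.append(ev)
        off += ALERT_REC.size
    return out


def parse_log_file(buf):
    """(event dict, packet bytes) per UnifiedLog record."""
    if LOG_FILE_HDR.unpack_from(buf, 0)[0] != LOG_MAGIC:
        raise ValueError("not a unified log file")
    out, off = [], LOG_FILE_HDR.size
    while off + LOG_REC.size <= len(buf):
        f = LOG_REC.unpack_from(buf, off)
        caplen, start = f[12], off + LOG_REC.size
        if start + caplen > len(buf):  # packet body not fully on disk yet
            break
        ev = dict(zip(EVENT_KEYS, f[:9]), flags=f[9], pkt_sec=f[10], pkt_usec=f[11], caplen=caplen)
        out.append((ev, buf[start:start + caplen]))
        off = start + caplen
    return out


def join_events(alerts, packets):
    """Attach to each alert its logged packet, or None if the log spool has none.
    event_id restarts with snort, so the key also carries the event's reference time."""
    by_key = {(ev["event_id"], ev["ref_sec"]): pkt for ev, pkt in packets}
    return [dict(a, payload=by_key.get((a["event_id"], a["ref_sec"]))) for a in alerts]


def load_into_sqlite(rows, db_path=":memory:"):
    """Metadata in `event`, packet in `data` (loosely after the snort DB schema's
    event/data split).  Returns the open connection."""
    conn = sqlite3.connect(db_path)
    conn.executescript("""
        CREATE TABLE IF NOT EXISTS event(cid INTEGER PRIMARY KEY, sig_gen INT, sig_id INT,
            timestamp TEXT, src TEXT, dst TEXT, sport INT, dport INT, proto INT);
        CREATE TABLE IF NOT EXISTS data(cid INTEGER PRIMARY KEY, payload BLOB);""")
    for r in rows:
        ts = datetime.fromtimestamp(r["ts_sec"], timezone.utc).isoformat()
        cur = conn.execute("INSERT INTO event(sig_gen,sig_id,timestamp,src,dst,sport,dport,proto)"
                           " VALUES (?,?,?,?,?,?,?,?)", (r["sig_gen"], r["sig_id"], ts, r["src"],
                                                          r["dst"], r["sport"], r["dport"], r["proto"]))
        if r["payload"] is not None:
            conn.execute("INSERT INTO data VALUES (?,?)", (cur.lastrowid, r["payload"]))
    conn.commit()
    return conn


# Constructed sample spool: two alerts, only the first has a packet logged.
# The frame bytes are made up for the example, not a real capture.
SAMPLE_PKT = bytes(14) + b"GET /cgi-bin/test HTTP/1.0\r\n"
T0 = 1124400000


def _fields(event_id, sig_id):
    return (1, sig_id, 1, 3, 2, event_id, event_id, T0 + event_id, 0)


def build_sample_spool():
    a = ALERT_FILE_HDR.pack(ALERT_MAGIC, 1, 2, 0)
    for eid, sig in ((1, 1000001), (2, 1000002)):
        a += ALERT_REC.pack(*_fields(eid, sig), T0 + eid, 0,
                            struct.unpack("<I", inet_aton("10.0.0.5"))[0],
                            struct.unpack("<I", inet_aton("192.0.2.10"))[0], 40000 + eid, 80, 6, 0)
    l = LOG_FILE_HDR.pack(LOG_MAGIC, 0, 1, 2, 0, 1514, 1)
    l += LOG_REC.pack(*_fields(1, 1000001), 0, T0 + 1, 0, len(SAMPLE_PKT), len(SAMPLE_PKT)) + SAMPLE_PKT
    return a, l
```

Both parsers stop at a partial trailing record rather than failing, which is what a reader tailing a spool that snort is still appending to needs; join_events() keeps alerts that have no packet in the log spool (payload None) so the metadata still reaches the DB, which is the case the post reports when only one of the two files is consumed.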