[Snort-users] need help configuring snort + barnyard

Chris Edwards chris at ...13576...
Wed Oct 19 09:32:57 EDT 2005


On Wed, 19 Oct 2005, Igor Belikov wrote:

|   I configured snort to write both alert and log files in unified
|   format. But I can't configure barnyard properly to store in DB
|   detailed info about alerts.
| 
|   Barnyard "watch" alert files and stores info about alerts, but I
|   need also store whole packets caused alert.

Hi,

It seems you don't need to have snort write both unified files.  All the 
required info seems to be in the unified "log" file, so this is what you 
want barnyard to read.  It's not at all clear to us what info is in the 
unified "alert" file that's not *also* in the unified "log" file.  So we 
don't write a unified "alert" file at all.

There was previous discussion of this at:
 
  http://archives.neohapsis.com/archives/snort/2004-11/0286.html


--
Chris Edwards, Glasgow University Computing Service
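As an added illustration of the setup described in the reply above (example configuration written for this thread, not Chris's, Igor's or the Snort project's own files): snort writes only the unified log file, and barnyard reads it with the dp_log processor and the log_acid_db output, whose "detail full" option is what gets the whole packet into the database. The file names, map file paths, sensor hostname, interface and database credentials are placeholders.

```conf
# --- snort.conf fragment (added example) -----------------------------------
# Unified log records carry the event header plus the full packet, so no
# log_unified/alert_unified pair is needed: write the unified log only.
# "limit 128" rolls the file over at 128 MB.
output log_unified: filename snort.log, limit 128

# --- barnyard.conf (added example) -----------------------------------------
# Sensor identity; the database output uses these to register the sensor.
config hostname: sensor01.example.org       # placeholder
config interface: eth0                      # placeholder

# Map files so barnyard can resolve rule SIDs, generators and classtypes
# to names before inserting into the database (placeholder paths).
config sid-msg-map: /etc/snort/sid-msg.map
config gen-file:    /etc/snort/gen-msg.map
config class-file:  /etc/snort/classification.config

# dp_log decodes unified *log* records. Since snort is not writing a
# unified alert file, no dp_alert processor is configured.
processor dp_log

# Keep a human-readable copy on disk alongside the database insert.
output log_dump

# Store events in the ACID/BASE schema. "detail full" stores the packet
# payload with every event, which is what the original question asks for.
# Use a dedicated, least-privileged database account; CHANGEME is a placeholder.
output log_acid_db: mysql, database snort, server localhost, user snort, password CHANGEME, detail full
```

Run barnyard against the spool directory and the base name of the unified log, keeping a waldo file so a restart resumes where it left off, e.g. barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo (flags as documented for barnyard 0.2; check your version's usage text). If events appear in the database but the payload columns stay empty, the first thing to check is that the output line really carries "detail full".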
