[Snort-users] need help configuring snort + barnyard
chris at ...13576...
Wed Oct 19 09:32:57 EDT 2005
On Wed, 19 Oct 2005, Igor Belikov wrote:
| I configured snort to write both alert and log files in unified
| format. But I can't configure barnyard properly to store in the DB
| detailed info about alerts.
| Barnyard "watches" the alert files and stores info about alerts, but I
| also need to store the whole packets that caused the alert.
It seems you don't need to have snort write both unified files. All the
required info seems to be in the unified "log" file, so this is what you
want barnyard to read. It's not at all clear to us what info is in the
unified "alert" file that's not *also* in the unified "log" file. So we
don't write a unified "alert" file at all.
There was previous discussion of this at:
Chris Edwards, Glasgow University Computing Service
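The setup Chris describes, written out as an added configuration example (not from the original post or the Snort/Barnyard projects): snort emits only a unified "log" file, and barnyard reads that file into the database. File names, the sensor id, the database name and the credentials are assumed placeholders; the barnyard directives are the Snort 2.x-era barnyard (not barnyard2) syntax as I remember it and should be checked against the barnyard.conf shipped with your version.

```conf
# --- snort.conf (output section) ---
# Redundant: the unified alert file carries nothing the log file lacks.
# output alert_unified: filename snort.alert, limit 128

# Sufficient: unified log records include the full packet for each alert.
output log_unified: filename snort.log, limit 128

# --- barnyard.conf ---
# Assumed hostname/interface; adjust to the sensor.
config hostname: sensor1
config interface: eth0

# Process unified log records (dp_log), not alert records (dp_alert).
processor dp_log

# Store alert plus packet payload in the ACID/BASE schema ("detail full").
# Database name, user and password are placeholders.
output log_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password CHANGE_ME, detail full

# --- start barnyard in continuous mode, reading the unified log ---
# (shell command, shown here as a comment)
# barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo
```

The waldo file records how far barnyard has read, so a restart resumes without re-inserting old alerts.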