[Snort-users] HELP: Dealing with 2 output plugin, is it ok?

Rachmat Hidayat Al-Anshar rachmat_hidayat_02 at ...131...
Wed Nov 14 21:37:21 EST 2007


Hi guys, 

Reminding, I'm on my research deploying an IDS system with active response.
Because there is no 'clean' SnortSam patch yet for Snort-2.8.0, so I decided
to use snort-snortsam-2.7.0 pre-patched one. There is something that I've 
to ask

Is it fine to use SnortSam output plugin (on snort mechine) together with
the unified output plugin? I need unified output plugin to work with Barnyard 
and send the result to MySQL server to work with BASE-1.3.8 meanwhile I do need
the snortsam output plugin to send the bad IP address and have it blocked in
snortsam blocking agent that runs on firewall mechine?! any response will greatly
appreciated. 

I need more explaination here...

Thanks in advance
~ Mat (^^) ~
 




      ____________________________________________________________________________________
Be a better sports nut!  Let your teams follow you 
with Yahoo Mobile. Try it now.  http://mobile.yahoo.com/sports;_ylt=At9_qDKvtAbMuh1G1SQtBI7ntAcJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20071114/e63702f1/attachment.html>


More information about the Snort-users mailing list