[Snort-users] HELP: Dealing with 2 output plugin, is it ok?

Joel Esler joel.esler at ...1935...
Wed Nov 14 22:56:26 EST 2007


This should work fine.  I know of several people that do it.

Joel

On Nov 14, 2007, at 9:37 PM, Rachmat Hidayat Al-Anshar wrote:

> Hi guys,
>
> As a reminder, I'm doing research on deploying an IDS system with
> active response. Because there is no 'clean' SnortSam patch yet for
> Snort-2.8.0, I decided to use the pre-patched snort-snortsam-2.7.0
> one. There is something that I have to ask.
>
> Is it fine to use the SnortSam output plugin (on the Snort machine)
> together with the unified output plugin? I need the unified output
> plugin to work with Barnyard and send the results to a MySQL server to
> work with BASE-1.3.8; meanwhile I do need the snortsam output plugin to
> send the bad IP address and have it blocked in the snortsam blocking
> agent that runs on the firewall machine?! Any response will be greatly
> appreciated.
>
> I need more explanation here...
>
> Thanks in advance
> ~ Mat (^^) ~