[Snort-users] BASE sensor name

beenph beenph at ...11827...
Mon Aug 1 11:26:18 EDT 2011


On Mon, Aug 1, 2011 at 11:18 AM, Lay, James <james.lay at ...15009...> wrote:
> That –F didn’t make a difference, bummer but eh..I’ll deal with it.  As for
> db logging, I’m trying to get the best of both worlds…direct to db via snort
> for BASE, and using barnyard2 for sguil…maybe not the best way, but eh…I
> want to have a couple frontends to work with for reporting and whatnot.
> Thanks gents.
>

You should use db logging from BY2, James, since you can have logging
from two output plugins. It would be more efficient
for the ole process to have both output plugins configured there, and
I think you wouldn't have that problem with the sensor name.

-elz



