[Snort-users] BASE sensor name

Joel Esler jesler at ...1935...
Mon Aug 1 11:34:45 EDT 2011


On Aug 1, 2011, at 11:26 AM, beenph wrote:

> On Mon, Aug 1, 2011 at 11:18 AM, Lay, James <james.lay at ...15009...> wrote:
>> That –F didn’t make a difference, bummer but eh..I’ll deal with it.  As for
>> db logging, I’m trying to get the best of both worlds…direct to db via snort
>> for BASE, and using barnyard2 for sguil…maybe not the best way, but eh…I
>> want to have a couple frontends to work with for reporting and whatnot.
>> Thanks gents.
>> 
> 
> You should use db logging from BY2 James, since you can have logging
> from two output plugins, it would be more efficient
> for the ole process to have both output plugins configured there and
> I think you wouldn't have that problem with the sensor name.


I agree.  

http://blog.snort.org/2011/06/snorts-output-methods.html

Joel




