[Snort-users] Barnyard2 to remote server

beenph beenph at ...11827...
Sat Aug 27 03:18:43 EDT 2011


On Sat, Aug 27, 2011 at 2:15 AM, Sherman Boyd <sherman at ...15372...> wrote:
> Hi,
>
> I'm working on a realtime visualization project for snort.  I'd like
> snort to pump all its data over tcp/ip to a remote server, running a
> custom node server that parcels out each event to an html5 server.   I
> don't want to use SQL, but other than that I'm pretty flexible with
> how the data is encapsulated.  Is there an existing barnyard2 plugin
> that will meet my needs?  Do I need to write a custom by2 output
> plugin?  Or is there a way to pump the data out directly from snort?
>
> To put it another way, I'm looking for alert_fast, except I don't want
> to write to a file; I want to send it to 192.168.9.1:1212.
>
>

Your objective is to send "alert_fast" type events over the network to
your remote system running on 192.168.9.1:1212.
What service is running on that port and what type of input is it expecting?

If you need a specialized output mode, then you might base yourself
on an already existing output plugin
and add the code you need, or, as you mentioned, write your own output
plugin from the ground up.

Do not hesitate to join our barnyard2 mailing list (Google group)
-elz
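
One possible answer to the question of what input the listener on 192.168.9.1:1212 expects: newline-delimited alert_fast lines, parsed into objects on the receiving Node side. This is an added example, not part of the original thread or of barnyard2; `parseAlertFast`, `attachAlertReader`, the one-alert-per-line framing and the IPv4-only addresses are assumptions.

```javascript
// Added example: parse Snort alert_fast lines arriving over a TCP stream.
// Assumes one alert per line, newline-terminated, IPv4 addresses only.
const MAX_LINE = 8192; // cap on data buffered for an unterminated line

// timestamp [**] [gid:sid:rev] msg [**] [Classification: x] [Priority: n] {PROTO} src -> dst
const ALERT_RE = /^(\d\d\/\d\d(?:\/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*([^\]]*)\]\s+)?\[Priority:\s*(\d+)\]\s+\{([^}]+)\}\s+(\S+)\s+->\s+(\S+)\s*$/;

// Split "ip:port" into parts; ICMP alerts carry no port, so port may be null.
function endpoint(s) {
  const m = /^(\d+\.\d+\.\d+\.\d+)(?::(\d+))?$/.exec(s);
  return m ? { ip: m[1], port: m[2] ? Number(m[2]) : null } : { ip: s, port: null };
}

// Returns a structured event, or null when the line is not an alert_fast record.
function parseAlertFast(line) {
  const m = ALERT_RE.exec(line.trim());
  if (!m) return null;
  return {
    timestamp: m[1], gid: Number(m[2]), sid: Number(m[3]), rev: Number(m[4]),
    msg: m[5], classification: m[6] || null, priority: Number(m[7]),
    proto: m[8], src: endpoint(m[9]), dst: endpoint(m[10]),
  };
}

// TCP delivers arbitrary chunks, not lines: buffer until '\n', then parse.
// Works with a net.Socket or anything exposing on('data', fn).
function attachAlertReader(socket, onEvent, onReject = () => {}) {
  let buf = '';
  socket.on('data', (chunk) => {
    buf += chunk.toString('utf8');
    let nl;
    while ((nl = buf.indexOf('\n')) !== -1) {
      const line = buf.slice(0, nl);
      buf = buf.slice(nl + 1);
      if (line.trim() === '') continue;
      const ev = parseAlertFast(line);
      if (ev) onEvent(ev); else onReject(line);
    }
    // A peer that never sends '\n' must not grow the buffer without bound.
    if (buf.length > MAX_LINE) { buf = ''; onReject('oversized line dropped'); }
  });
}

// Hypothetical wiring on the receiver, using the port from the thread:
//   require('net').createServer((s) => attachAlertReader(s, console.log)).listen(1212);
```

Rejected lines are handed to `onReject` rather than silently dropped, so a sender emitting a different format shows up immediately on the receiver.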



