[Snort-users] Barnyard2 to remote server

Sherman Boyd sherman at ...15372...
Sat Aug 27 10:54:57 EDT 2011


>>Your objective is to send "alert_fast" type events over the network to
>>your remote system running on 192.168.9.1:1212.
>>What service is running on that port and what type of input is it expecting?

The service will be a custom node.js application, so the type of input
can really be whatever.  I imagine that ASCII "alert_fast" type input
will be way easier to parse than snort unified.

Best regards,

Sherman Boyd






On Sat, Aug 27, 2011 at 12:18 AM, beenph <beenph at ...11827...> wrote:
> On Sat, Aug 27, 2011 at 2:15 AM, Sherman Boyd <sherman at ...15372...> wrote:
>> Hi,
>>
>> I'm working on a realtime visualization project for snort.  I'd like
>> snort to pump all its data over tcp/ip to a remote server, running a
>> custom node server that parcels out each event to an html5 server.   I
>> don't want to use SQL, but other than that I'm pretty flexible with
>> how the data is encapsulated.  Is there an existing barnyard2 plugin
>> that will meet my needs?  Do I need to write a custom by2 output
>> plugin?  Or is there a way to pump the data out directly from snort?
>>
>> To put it another way, I'm looking for alert_fast, except I don't want
>> to write to a file I want to send it to 192.168.9.1:1212.
>>
>>
>
> Your objective is to send "alert_fast" type events over the network to
> your remote system running on 192.168.9.1:1212.
> What service is running on that port and what type of input is it expecting?
>
> If you need a specialized output mode, then you might base yourself
> on an already existing output plugin
> and add the code you need, or, as you mentioned, write your own output
> plugin from the ground up.
>
> Do not hesitate to join our barnyard2 mailing list (Google group)
> -elz
>
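
The receiving side discussed in this thread, as an added example that is not part of the original messages: a Node.js listener that reassembles newline-delimited alert_fast lines from the TCP stream and parses them into objects. It assumes some sender, which the thread leaves open, writes one alert_fast line per newline; all function names are hypothetical and the sample alerts are constructed.

```javascript
// Added example, receiver only. Assumption: sender writes one alert_fast line per '\n'.
const ALERT_FAST = /^(\d\d\/\d\d(?:\/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]\s+(?:\[Classification: ([^\]]*)\]\s+)?\[Priority: (\d+)\]\s+\{([\w-]+)\}\s+(\S+)\s+->\s+(\S+)\s*$/;

// "a.b.c.d:port" -> {addr, port}; ICMP endpoints have no port (IPv4 only).
function splitEndpoint(s) {
  const m = /^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$/.exec(s);
  return m ? { addr: m[1], port: Number(m[2]) } : { addr: s, port: null };
}
// Returns a plain object, or null for anything that is not an alert line.
function parseAlertFast(line) {
  const m = ALERT_FAST.exec(line);
  return m && { time: m[1], gid: +m[2], sid: +m[3], rev: +m[4], msg: m[5], classification: m[6] || null,
    priority: +m[7], proto: m[8], src: splitEndpoint(m[9]), dst: splitEndpoint(m[10]) };
}
// TCP is a byte stream: reassemble lines across chunks, and cap the line
// length so a peer that never sends '\n' cannot grow the buffer forever.
function makeLineFramer(onLine, maxLine = 4096) {
  let buf = '', skipping = false, nl;
  return (chunk) => {
    buf += chunk;
    while ((nl = buf.indexOf('\n')) !== -1) {
      const line = buf.slice(0, nl).replace(/\r$/, '');
      buf = buf.slice(nl + 1);
      if (!skipping && line.length <= maxLine) onLine(line);
      skipping = false;                          // an oversized line has ended
    }
    if (buf.length > maxLine) { buf = ''; skipping = true; }
  };
}
// Framer that forwards only the lines that parse as alerts.
const alertFramer = (onAlert) => makeLineFramer((l) => { const a = parseAlertFast(l); if (a) onAlert(a); });
// Runs chunks through one framer and returns the parsed alerts.
function parseChunks(chunks, out = []) {
  chunks.forEach(alertFramer((a) => out.push(a)));
  return out;
}
// Not started here; e.g. startListener(1212, '192.168.9.1', console.log).
function startListener(port, host, onAlert) {
  return require('net').createServer((sock) => {
    sock.setEncoding('utf8').on('data', alertFramer(onAlert)).on('error', () => sock.destroy());
  }).listen(port, host);
}

// Constructed sample: two alerts and one junk line, split mid-line.
const SAMPLE_CHUNKS = [
  '08/27-10:54:57.123456  [**] [1:1000001:1] Constructed TCP test [**] [Classification: Misc activity] [Prio',
  'rity: 3] {TCP} 192.168.9.20:4321 -> 192.168.9.1:80\n08/27-10:54:58.000001  [**] [1:1000002:1] Constructed ICMP test [**] [Priority: 2] {ICMP} 192.168.9.20 -> 192.168.9.1\nnot an alert\n',
];
console.log(parseChunks(SAMPLE_CHUNKS));
```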



