[Snort-users] Barnyard2 to remote server
sherman at ...15372...
Sat Aug 27 10:54:57 EDT 2011
>>Your objective is to send "alert_fast" type events over the network to
>>your remote system running on 192.168.9.1:1212.
>>What service is running on that port and what type of input is it expecting?
The service will be a custom node.js application, so the type of input
can really be whatever. I imagine that ASCII "alert_fast" type input
will be way easier to parse than snort unified.
On Sat, Aug 27, 2011 at 12:18 AM, beenph <beenph at ...11827...> wrote:
> On Sat, Aug 27, 2011 at 2:15 AM, Sherman Boyd <sherman at ...15372...> wrote:
>> I'm working on a realtime visualization project for snort. I'd like
>> snort to pump all its data over tcp/ip to a remote server, running
>> a custom node server that parcels out each event to an html5 server. I
>> don't want to use SQL, but other than that I'm pretty flexible with
>> how the data is encapsulated. Is there an existing barnyard2 plugin
>> that will meet my needs? Do I need to write a custom by2 output
>> plugin? Or is there a way to pump the data out directly from snort?
>> To put it another way, I'm looking for alert_fast, except I don't want
>> to write to a file, I want to send it to 192.168.9.1:1212.
> Your objective is to send "alert_fast" type events over the network to
> your remote system running on 192.168.9.1:1212.
> What service is running on that port and what type of input is it expecting?
> If you need a specialized output mode, then you might base yourself
> on an already existing output plugin
> and add the code you need, or, as you mentioned, write your own output
> plugin from the ground up.
> Do not hesitate to join our barnyard2 mailing list (Google group)
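An added example, not part of the original thread: a sketch of the receiving side discussed above, a node.js listener that takes newline-delimited "alert_fast" text over TCP and turns each line into an object. It assumes the usual Snort 2.x alert_fast line layout with IPv4 addresses; the names `parseAlertFast`, `makeFeeder` and `listen` are hypothetical, and the oversized-line cap is there because the port accepts untrusted network input.

```javascript
// Layout assumed: MM/DD[/YY]-HH:MM:SS.usec [**] [gid:sid:rev] msg [**]
//   [Classification: c] [Priority: n] {PROTO} src[:port] -> dst[:port]
const ALERT_FAST = /^(\d\d\/\d\d(?:\/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*([^\]]*)\]\s+)?\[Priority:\s*(\d+)\]\s+\{([^}]+)\}\s+(\S+?)(?::(\d+))?\s+->\s+(\S+?)(?::(\d+))?$/;

// Parse one alert_fast line; returns null for anything that does not match.
function parseAlertFast(line) {
  const m = ALERT_FAST.exec(line);
  if (!m) return null;
  const num = (s) => (s === undefined ? null : Number(s));
  return {
    timestamp: m[1], gid: num(m[2]), sid: num(m[3]), rev: num(m[4]),
    msg: m[5], classification: m[6] === undefined ? null : m[6],
    priority: num(m[7]), proto: m[8],
    src: m[9], srcPort: num(m[10]), dst: m[11], dstPort: num(m[12]),
  };
}

// TCP delivers arbitrary chunks, so buffer until a newline is seen.
// Lines longer than maxLine are dropped so a peer cannot grow the buffer.
function makeFeeder(onAlert, maxLine = 4096) {
  let buf = '';
  let overflow = false; // true while discarding the rest of an oversized line
  return function feed(chunk) {
    buf += chunk;
    let nl;
    while ((nl = buf.indexOf('\n')) !== -1) {
      const line = buf.slice(0, nl).replace(/\r$/, '');
      buf = buf.slice(nl + 1);
      if (overflow || line.length > maxLine) { overflow = false; continue; }
      const alert = parseAlertFast(line);
      if (alert) onAlert(alert);
    }
    if (buf.length > maxLine) { buf = ''; overflow = true; }
  };
}

// One feeder per connection; the address and port are the ones from the thread.
function listen(port, host, onAlert) {
  const net = require('node:net');
  return net.createServer((sock) => {
    sock.setEncoding('utf8');
    sock.on('data', makeFeeder(onAlert));
    sock.on('error', () => sock.destroy());
  }).listen(port, host);
}

// Run as: node receiver.js listen
if (process.argv[2] === 'listen') listen(1212, '192.168.9.1', (a) => console.log(JSON.stringify(a)));
```

The `msg` and `classification` fields come from rule text and the network, so escape them before they reach the HTML5 front end.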