[Snort-users] Barnyard2 to remote server
sherman at ...15372...
Sat Aug 27 13:40:12 EDT 2011
>>Just have Snort or Barnyard output as syslog and have the syslog
>>server be your custom node. Parsing syslog is trivial, and you can
>>the apply your HTML5 wrapper around it. This will be the best
>>solution because you do not need to customize Snort or Barnyard--they
>>can be stock installations. All of the custom code will be on your
Thank you. After turning off the 'last message repeated 37 times'
functionality in rsyslog that's working nicely. If I decided that I
wanted the full packet data is there a way to do that with syslog, or
am I looking at writing a custom plugin for by2 at that point?
More information about the Snort-users