[Snort-users] Barnyard2 to remote server

Sherman Boyd sherman at ...15372...
Sat Aug 27 13:40:12 EDT 2011


>>Just have Snort or Barnyard output as syslog and have the syslog
>>server be your custom node.  Parsing syslog is trivial, and you can
>>then apply your HTML5 wrapper around it.  This will be the best
>>solution because you do not need to customize Snort or Barnyard--they
>>can be stock installations.  All of the custom code will be on your
>>custom node.

Thank you.  After turning off the 'last message repeated 37 times'
functionality in rsyslog, that's working nicely.  If I decided that I
wanted the full packet data, is there a way to do that with syslog, or
am I looking at writing a custom plugin for by2 at that point?


Best regards,

Sherman Boyd
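
An added example, not part of the original post or of Snort/Barnyard2: a small parser for the receiving syslog node discussed in this thread. It assumes the common Snort syslog alert layout (`[gid:sid:rev] msg [Classification: ...] [Priority: n] {PROTO} src -> dst`) and a single sensor stream, and it folds "last message repeated N times" notices into a count for setups where that suppression is left on. The sample lines are constructed.

```python
import re

# Assumed payload layout: [gid:sid:rev] msg [Classification: c] [Priority: n] {PROTO} src[:port] -> dst[:port]
# Some Snort versions emit a colon after the Priority field, so it is optional here.
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<classification>[^\]]*)\] )?"
    r"\[Priority: (?P<priority>\d+)\]:? "
    r"\{(?P<proto>[^}]+)\} "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)
REPEAT_RE = re.compile(r"last message repeated (\d+) times")


def parse_alerts(lines):
    """Return one dict per alert line; fold syslog 'repeated' notices into 'count'."""
    alerts = []
    last = None  # alert produced by the immediately preceding line, if any
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            last = m.groupdict()
            last["count"] = 1
            alerts.append(last)
            continue
        r = REPEAT_RE.search(line)
        if r and last is not None:
            last["count"] += int(r.group(1))  # the notice refers to the alert just seen
        else:
            last = None  # unrelated line: a later 'repeated' notice is not about an alert
    return alerts


# Constructed sample input (documentation address ranges, made-up SIDs).
SAMPLE = [
    "Aug 27 13:01:02 sensor1 snort[2211]: [1:1000001:1] LOCAL test rule [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5",
    "Aug 27 13:01:40 sensor1 last message repeated 37 times",
    "Aug 27 13:02:10 sensor1 snort[2211]: [1:1000002:2] LOCAL web probe [Priority: 2]: {TCP} 192.0.2.77:51512 -> 198.51.100.5:80",
    "Aug 27 13:02:11 sensor1 sshd[900]: session opened",
    "Aug 27 13:02:50 sensor1 last message repeated 2 times",
]

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE):
        print(alert["count"], alert["sid"], alert["proto"], alert["src"], "->", alert["dst"], alert["msg"])
```
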



