[Snort-users] Barnyard2 to remote server

Martin Holste mcholste at ...11827...
Sat Aug 27 13:59:29 EDT 2011


Yep, you need unified2 for full packet data, so you're looking at a
custom plugin.

On Sat, Aug 27, 2011 at 12:40 PM, Sherman Boyd <sherman at ...15372...> wrote:
>>>Just have Snort or Barnyard output as syslog and have the syslog
>>>server be your custom node.  Parsing syslog is trivial, and you can
>>>then apply your HTML5 wrapper around it.  This will be the best
>>>solution because you do not need to customize Snort or Barnyard--they
>>>can be stock installations.  All of the custom code will be on your
>>>custom node.
>
> Thank you.  After turning off the 'last message repeated 37 times'
> functionality in rsyslog that's working nicely.  If I decided that I
> wanted the full packet data is there a way to do that with syslog, or
> am I looking at writing a custom plugin for by2 at that point?
>
>
> Best regards,
>
> Sherman Boyd
>
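
The receiving-node parsing discussed in this thread, as an added example that is not code from either poster or from the Snort/Barnyard2 projects. It reads the standard Snort syslog alert layout and folds the syslog daemon's "last message repeated N times" marker back into the preceding alert; it assumes IPv4 addresses and a stream already filtered to one sensor's Snort messages, and the function names and sample lines are constructed for illustration. The line carries only alert header fields, which is why full packet data needs unified2, as the reply says.

```python
import re

# Snort/Barnyard2 syslog alert layout:
#   [gid:sid:rev] msg [Classification: c] [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]:?\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)
# Marker syslog daemons emit when they collapse identical consecutive messages.
REPEAT_RE = re.compile(r"last message repeated (\d+) times?")
INT_FIELDS = ("gid", "sid", "rev", "priority", "sport", "dport")


def parse_line(line):
    """Return a dict of alert fields, or None if the line is not a Snort alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    for key in INT_FIELDS:
        if alert[key] is not None:  # ports are absent for ICMP
            alert[key] = int(alert[key])
    alert["count"] = 1
    return alert


def parse_stream(lines):
    """Parse lines in order, folding 'repeated N times' into the previous alert."""
    alerts, last = [], None
    for line in lines:
        rep = REPEAT_RE.search(line)
        if rep:
            if last is not None:
                last["count"] += int(rep.group(1))
            continue
        last = parse_line(line)
        if last is not None:
            alerts.append(last)
    return alerts


# Constructed sample input (documentation addresses, local SIDs).
SAMPLE = [
    "Aug 27 12:01:05 sensor1 snort[2211]: [1:1000001:2] LOCAL test web probe [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51512 -> 198.51.100.7:80",
    "Aug 27 12:01:09 sensor1 last message repeated 37 times",
    "Aug 27 12:02:00 sensor1 snort[2211]: [1:1000002:1] LOCAL ping sweep [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.7",
]
```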



