[Snort-users] MySQL support for Snort 2.9.4
jthoel at ...11827...
Mon Dec 10 20:00:31 EST 2012
Barnyard2 really is very easy to use.. and even if you plan on going
to an older version, just stick with the unified2 output. Easier to
learn now then later.
You install snort, get it working and logging to unified2, then have
barnyard2 read that file and log it to a DB. This allows snort to
focus more on reading packets and making alerts and lets something
else handle getting those alerts to the tool of your choice.
As for the rules for 2.9.4, there isn't a set available? I haven't
checked, but that would be an interesting problem. I'm sure Joel can
chime in more in regards to that.
On Tue, Dec 11, 2012 at 12:54 AM, Kaya Saman <kayasaman at ...11827...> wrote:
> y am asking about the older version in addition is because the obtainable
> rules are for that and not the later 2.9.4 which one would need subscription
> I guess I will have to look at building Barnyard2 and figuring out how they
> integrate. It's a bit of a shame as it makes setup and running easier (at
> least fo
More information about the Snort-users