[Snort-users] data base

waldo kitty wkitty42 at ...14940...
Wed Jul 24 11:23:09 EDT 2013


On 7/24/2013 05:45, Abid Ayoub wrote:
> Hello,
> I want to save the sniff result in a database.
> So, how can I do that when I have a lot of traffic?
> Should I use barnyard2? I didn't understand why I should use it and what for.

barnyard2 reads the snort unified2 log file and puts the data into the database 
for you... barnyard2 handles all the database communication... before, when 
snort tried to do it, snort could get hung up waiting on the database to 
respond... during that period, traffic would be lost to snort and it could not 
analyze it... since the alerts and evidence are written to the unified2 log, 
barnyard2 can put it in the database when possible... if the database is down 
for some reason, barnyard2 will wait for the database to come back and then 
continue to put the data in... all this time, snort is still analyzing the 
traffic and no data is lost...

does that answer your questions?

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
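
The spool-and-forward behaviour described in the reply above, as an added Python example (not part of the original message and not barnyard2's own code). It walks records by the unified2 record header (type and length as big-endian 32-bit values) and advances a bookmark only after a successful insert; `FlakyDB`, the function names and the payload bytes are constructed for illustration.

```python
import io
import struct
HEADER = struct.Struct(">II")  # unified2 record header: type, length (big-endian)

def make_record(rtype, payload):
    """Build one constructed record: real header layout, opaque sample payload."""
    return HEADER.pack(rtype, len(payload)) + payload

def read_records(spool, offset):
    """Yield (next_offset, type, payload) for each complete record after offset."""
    spool.seek(offset)
    while True:
        head = spool.read(HEADER.size)
        if len(head) < HEADER.size:
            return  # no complete header yet; the sensor may still be writing
        rtype, length = HEADER.unpack(head)
        payload = spool.read(length)
        if len(payload) < length:
            return  # partial record; pick it up on the next pass
        offset += HEADER.size + length
        yield offset, rtype, payload

class FlakyDB:  # hypothetical database stand-in that can simulate an outage
    def __init__(self):
        self.up, self.rows = True, []
    def insert(self, rtype, payload):
        if not self.up:
            raise ConnectionError("database unavailable")
        self.rows.append((rtype, payload))

def drain(spool, bookmark, db):
    """Forward records to db; the bookmark moves only after a successful insert."""
    for next_offset, rtype, payload in read_records(spool, bookmark):
        try:
            db.insert(rtype, payload)
        except ConnectionError:
            break  # leave the bookmark alone; the record stays in the spool
        bookmark = next_offset
    return bookmark

def demo():
    spool, db = io.BytesIO(), FlakyDB()
    spool.write(make_record(7, b"alert-1") + make_record(2, b"packet-1"))
    db.up = False
    mark = drain(spool, 0, db)               # outage: nothing is forwarded
    spool.seek(0, io.SEEK_END)
    spool.write(make_record(7, b"alert-2"))  # the sensor keeps logging meanwhile
    db.up = True
    mark = drain(spool, mark, db)            # database back: backlog is delivered
    return mark, db.rows
```

The writer never waits on the database in this model; only the reader does, which is the separation the reply describes.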
