[Snort-users] Barnyard2 alternatives?
rmonk at ...4096...
Tue Aug 4 08:53:31 EDT 2015
On 08/04/2015 08:43 AM, Doug Burks wrote:
> Hi Richard,
> Yes, we've also experienced performance issues when running multiple
> barnyard2 instances connecting to the same database with the database
> output plugin. However, the barnyard2 output plugins for Sguil and
> syslog seem to work well for us. Have you considered replacing Snorby
> with Sguil/Squert or some standard log collector like ELSA?
We took a look at Sguil/Squert and were unimpressed with the feature set (in
fact, we're slowly getting rid of snorby for the same reason). I'll take a look
Right now, we like having the packet data that comes with "native" DB storage,
although we're spinning up full packet capture/Bro to offset needing that as well.
ELSA/Splunk are on the table, but that would be a big change for us in terms of
our workflow (having somewhere to tag/comment/etc.).
Richard Monk (rmonk at ...4096...) - Security Analyst
Red Hat, Raleigh NC
GPG Key ID: 0x942CDB25
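For readers following the thread, the two deployment options Doug contrasts above map to different `output` lines in barnyard2.conf. The fragment below is an added illustration, not configuration from either poster or from the barnyard2 project: the first block is the database output plugin that the thread reports as a bottleneck when several sensors share one database, the second shows the syslog and Sguil output plugins offered as the alternative. Sensor name, database credentials, host names and the Sguil agent port are placeholder assumptions.

```conf
# --- Option A: one barnyard2 per sensor, all writing to the same DB ---
# Every instance holds its own connection and inserts each event (plus packet
# payload) row by row; with many sensors this is where the slowdown shows up.
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=db.example.internal

# --- Option B: hand events to a log collector / console instead ---
# Syslog: line-oriented alerts to a central collector (ELSA, Splunk, etc.).
# Facility/priority are examples; the alert goes to the local syslog daemon,
# which is responsible for forwarding.
output alert_syslog: LOG_LOCAL6 LOG_ALERT

# Sguil: events go to the sguil agent on the sensor, which talks to sguild.
# sensor_name and agent_port are assumed values for this illustration; the
# agent listening on the sensor must use the matching port.
output sguil: sensor_name=sensor1, agent_port=7736
```

Only one of the two approaches needs to be active per instance; in practice a sensor that keeps the database plugin for packet-data retention and adds a syslog line alongside it still pays the database cost for every event, so the relief comes from removing the `output database` line, not from adding the others.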