[Snort-users] Barnyard2 alternatives?

Richard Monk rmonk at ...4096...
Tue Aug 4 08:53:31 EDT 2015


On 08/04/2015 08:43 AM, Doug Burks wrote:
> Hi Richard,
> 
> Yes, we've also experienced performance issues when running multiple
> barnyard2 instances connecting to the same database with the database
> output plugin.  However, the barnyard2 output plugins for Sguil and
> syslog seem to work well for us.  Have you considered replacing Snorby
> with Sguil/Squert or some standard log collector like ELSA?

We took a look at Sguil/Squert and were unimpressed with the feature set (in
fact, we're slowly getting rid of Snorby for the same reason).  I'll take a look
again.

Right now, we like having the packet data that comes with "native" DB storage,
although we're spinning up full packet capture/Bro to offset needing that as well.

ELSA/Splunk are on the table, but that would be a big change for us in terms of
our workflow (having somewhere to tag/comment/etc.).

-- 
Richard Monk (rmonk at ...4096...) - Security Analyst
Red Hat, Raleigh NC
GPG Key ID: 0x942CDB25
