[Snort-users] Barnyard2 alternatives?

Jaime Nebrera jnebrera at ...16842...
Thu Aug 6 12:13:02 EDT 2015


Hi Richard,

We have open sourced an extension to BY2 to output Unified2 messages into
Apache Kafka for high performance. Take a look at our GitHub repository:
www.github.com/redborder

As for an alternative to view those events, I would suggest the redBorder
project, of course, as part of it ;)

On Tue, Aug 4, 2015 at 14:54, Richard Monk <rmonk at ...4096...>
wrote:

> On 08/04/2015 08:43 AM, Doug Burks wrote:
> > Hi Richard,
> >
> > Yes, we've also experienced performance issues when running multiple
> > barnyard2 instances connecting to the same database with the database
> > output plugin.  However, the barnyard2 output plugins for Sguil and
> > syslog seem to work well for us.  Have you considered replacing Snorby
> > with Sguil/Squert or some standard log collector like ELSA?
>
> We took a look at Sguil/Squert and were unimpressed with the feature set
> (in fact, we're slowly getting rid of snorby for the same reason).  I'll
> take a look again.
>
> Right now, we like having the packet data that comes with "native" DB
> storage, although we're spinning up full packet capture/Bro to offset
> needing that as well.
>
> ELSA/Splunk are on the table, but that would be a big change for us in
> terms of our workflow (having somewhere to tag/comment/etc)
>
> --
> Richard Monk (rmonk at ...4096...) - Security Analyst
> Red Hat, Raleigh NC
> GPG Key ID: 0x942CDB25