[Snort-users] Barnyard2

Jeremy Hoel jthoel at ...11827...
Mon Jan 19 02:22:22 EST 2015


To use most web-based tools you need to send the data from unified2 to
MySQL; you use barnyard2 for that. If you want to use the CLI, you can use
some tools to explore unified2 files, or you can use a SIEM tool that can
get the data via syslog or something. You could also use sguil, and it has
a whole other set of tools.

So really, it depends on how you want to view your data.

You might check out Security Onion as it has a few of these and can give
you some options.

On Sat, Jan 17, 2015 at 1:30 AM, Mike Michalak <mike at ...17066...> wrote:

> Ah ok, that is a good question.  I'm not quite sure, any suggestions?
>
> Regards,
>
> Mike Michalak
> M +219.921.9619
> O +708.320.8643
> Trail 9 | trail9.com
>
> On Fri, Jan 16, 2015 at 6:21 PM, Shirkdog <shirkdog at ...11827...> wrote:
>
>> How do you plan on viewing alert data?
>>
>> Once you answer that question, you can look at how barnyard2 will help
>> you.
>>
>> ---
>> Michael Shirk
>>
>>
>> On Fri, Jan 16, 2015 at 9:29 AM, Mike Michalak <mike at ...17066...> wrote:
>> >
>> > I have installed Snort and I am in the testing phase.
>> >
>> > What are your thoughts on using Barnyard2 with snort?  Is it worth it or not
>> > needed?
>> >
>> > I am running snort on a CentOS 6.5 box.
>> >
>> > Regards,
>> >
>> > Mike
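Added example, not part of the original thread and not code from Snort or barnyard2: a small Python reader for the unified2 spool files mentioned in the reply above. It walks the record stream and decodes only the legacy IPv4 event record (type 7). The function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct(">II")         # record type, body length (big-endian)
EVENT_V4 = 7                          # legacy IPv4 event record, 52-byte body
EVENT_V4_BODY = struct.Struct(">11I2H4B")
FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
          "signature_id", "generator_id", "signature_revision",
          "classification_id", "priority_id", "ip_source", "ip_destination",
          "sport_itype", "dport_icode", "protocol", "impact_flag", "impact",
          "blocked")

def read_records(stream):
    """Yield (type, body) per complete record; stop at a truncated tail."""
    while True:
        header = stream.read(HEADER.size)
        if len(header) < HEADER.size:
            return
        rtype, length = HEADER.unpack(header)
        body = stream.read(length)
        if len(body) < length:        # the sensor may still be writing this record
            return
        yield rtype, body

def read_events(stream):
    """Decode legacy IPv4 event records; skip every other record type."""
    for rtype, body in read_records(stream):
        if rtype != EVENT_V4 or len(body) < EVENT_V4_BODY.size:
            continue
        event = dict(zip(FIELDS, EVENT_V4_BODY.unpack_from(body)))
        for key in ("ip_source", "ip_destination"):
            event[key] = str(ipaddress.IPv4Address(event[key]))
        yield event

def count_by_signature(stream):
    """Alert counts keyed by (generator_id, signature_id)."""
    return Counter((e["generator_id"], e["signature_id"]) for e in read_events(stream))

def constructed_sample():
    """Constructed input: two events, one packet record (type 2), a cut-off header."""
    def event(event_id, sid, src, dst):
        body = EVENT_V4_BODY.pack(1, event_id, 1421650942, 0, sid, 1, 1, 0, 2,
                                  int(ipaddress.IPv4Address(src)),
                                  int(ipaddress.IPv4Address(dst)), 40000, 80, 6, 0, 0, 0)
        return HEADER.pack(EVENT_V4, len(body)) + body
    packet = HEADER.pack(2, 4) + b"\x00" * 4
    return (event(1, 1000001, "192.0.2.10", "198.51.100.5") + packet
            + event(2, 1000002, "192.0.2.11", "198.51.100.5") + b"\x00\x00")
```

To use it on a real spool file, pass a file object opened in binary mode to `count_by_signature` or `read_events`. IPv6 and VLAN event records use other type numbers and are skipped here.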