Home page logo
/

snort logo Snort mailing list archives

Re: Barnyard2 issue w/unified2 ?
From: John Ives <jives () security berkeley edu>
Date: Thu, 15 Aug 2013 10:50:07 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/15/2013 9:17 AM, beenph wrote:
On Thu, Aug 15, 2013 at 11:52 AM, John Ives
<jives () security berkeley edu> wrote:
My understanding from my own research is that for each instance
of snort on a system there needs to be an instance of barnyard2
each with its own configuration file.

Each instance Need its own configuration file that will
differentiate each instance especialy if you log to a database.

If you log to syslog for example you can use only one configuration
and spawn each by2 process with a script loop.

Trying to output it to a postgres db. I did a quick look in the
configuration, but I didn't see what option is used to differentiate
the instances, so I suspect this is the root of my issue.

Supposedly, that is all that is needed. However, I have not been
able to make it work as all but one of the barnyards will
eventually crash.

Could you define crash? Which error was it reporting, etc...

As I mentioned this is a roadmap project, but there is no definitive
date, so I have been playing with it in my free time. As a result, I
don't remember exactly what the error said.  I have started up the
system/snorts/barnyards that I was testing this on and have launched
it so I will see what I can find. However, my experience was that the
barnyards will run for varying lengths of time before a problem occurs
(sometimes a few minutes and sometimes it takes a weekend).

Yours,

John

- -- 
- -------------------------------------------------------------------------
John Ives
System & Network Security                           Phone (510) 229-8676
University of California, Berkeley
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSDRTPAAoJEJkidK6qbywsqUcIAJsRE5JXO1YKr4O2cxahVOdc
+zLxUBFjJSJ2JiBlbMpBSR6yqNsCq+njRt/rRQgfOx1z2co0bQMcwmzjbKauSiNW
EddOfQtMRH3eBq3MRlmpzenjx1h9+S6k4ALhRIbqAAQa/lBFsYBw/8PZLo3WSTVd
u9Umbd231gX6A76R0zRWgFAuSUbv+glTEt+Yeb9du2o1ggwntE0LQmVvnUX3tPxQ
Rb0A41jN8WRka1Sif+g5ik2UkH/Si/xeSwjsl47PWWKyDBi2G0TuHK8wPMb5HnYy
LBJJPtfiumFG8Qt0sK5dPSFfbPCDkM8QOJLklWAtmKh73RJNUeIWtjsJmWgX3ec=
=E0zT
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault