
Snort mailing list archives

Re: Barnyard2 issue w/unified2 ?
From: John Ives <jives () security berkeley edu>
Date: Thu, 15 Aug 2013 10:50:07 -0700

On 8/15/2013 9:17 AM, beenph wrote:
> On Thu, Aug 15, 2013 at 11:52 AM, John Ives
> <jives () security berkeley edu> wrote:
>> My understanding from my own research is that for each instance
>> of snort on a system there needs to be an instance of barnyard2
>> each with its own configuration file.
>
> Each instance needs its own configuration file that will
> differentiate each instance especially if you log to a database.
>
> If you log to syslog for example you can use only one configuration
> and spawn each by2 process with a script loop.

Trying to output it to a postgres db. I did a quick look in the
configuration, but I didn't see what option is used to differentiate
the instances, so I suspect this is the root of my issue.

>> Supposedly, that is all that is needed. However, I have not been
>> able to make it work as all but one of the barnyards will
>> eventually crash.
>
> Could you define crash? Which error was it reporting, etc...

As I mentioned this is a roadmap project, but there is no definitive
date, so I have been playing with it in my free time. As a result, I
don't remember exactly what the error said.  I have started up the
system/snorts/barnyards that I was testing this on and have launched
it so I will see what I can find. However, my experience was that the
barnyards will run for varying lengths of time before a problem occurs
(sometimes a few minutes and sometimes it takes a weekend).



-- 
-------------------------------------------------------------------------
John Ives
System & Network Security                           Phone (510) 229-8676
University of California, Berkeley
-------------------------------------------------------------------------

