Home page logo
/

snort logo Snort mailing list archives

Re: Barnyard2 issue w/unified2 ?
From: beenph <beenph () gmail com>
Date: Fri, 16 Aug 2013 16:19:14 -0400

On Thu, Aug 15, 2013 at 1:50 PM, John Ives <jives () security berkeley edu> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/15/2013 9:17 AM, beenph wrote:
On Thu, Aug 15, 2013 at 11:52 AM, John Ives
<jives () security berkeley edu> wrote:
My understanding from my own research is that for each instance
of snort on a system there needs to be an instance of barnyard2
each with its own configuration file.

Each instance Need its own configuration file that will
differentiate each instance especialy if you log to a database.

If you log to syslog for example you can use only one configuration
and spawn each by2 process with a script loop.

Trying to output it to a postgres db. I did a quick look in the
configuration, but I didn't see what option is used to differentiate
the instances, so I suspect this is the root of my issue.


Hostname and interface

-elz

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]