Home page logo

snort logo Snort mailing list archives

Re: Barnyard2 issue w/unified2 ?
From: beenph <beenph () gmail com>
Date: Fri, 16 Aug 2013 16:19:14 -0400

On Thu, Aug 15, 2013 at 1:50 PM, John Ives <jives () security berkeley edu> wrote:
Hash: SHA1

On 8/15/2013 9:17 AM, beenph wrote:
On Thu, Aug 15, 2013 at 11:52 AM, John Ives
<jives () security berkeley edu> wrote:
My understanding from my own research is that for each instance
of snort on a system there needs to be an instance of barnyard2
each with its own configuration file.

Each instance Need its own configuration file that will
differentiate each instance especialy if you log to a database.

If you log to syslog for example you can use only one configuration
and spawn each by2 process with a script loop.

Trying to output it to a postgres db. I did a quick look in the
configuration, but I didn't see what option is used to differentiate
the instances, so I suspect this is the root of my issue.

Hostname and interface


Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]