Snort mailing list archives

RE: How to get barnyard to read both log and alert


From: "Basselgia, Barry A Mr (NAF Atsugi)" <BABasselgia () atsugi navy mil>
Date: Tue, 23 Nov 2004 10:28:08 +0900

If I understand it correctly, you don't need to have both the log and alert
files processed.

The log file contains all the information in the alert file plus additional
details.  So if you have it process your log file you should have all the
information.

I'm using the following in my barnyard configuration file:

output log_acid_db: mysql, database snort-db, server localhost, user snort-user, password xxxxxxx, detail full

I use ACID, BASE, and Open Aanval as frontends to my snort-db and can see
everything.

Barry



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Russell
Fulton
Sent: Tuesday, November 23, 2004 9:42 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] How to get barnyard to read both log and alert
file?


Hi Folks,

I am trying to use barnyard to pick up my unified output alert and log
files and send them to a mysql database.  I can get it to do one or the
other but not both.

How can I get barnyard to merge the info from these two files and feed
it to my mysql database?

-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
