Snort mailing list archives

Re: need help configuring snort + barnyard


From: Chris Edwards <chris () eng gla ac uk>
Date: Wed, 19 Oct 2005 17:31:05 +0100 (BST)

On Wed, 19 Oct 2005, Igor Belikov wrote:

|   I configured snort to write both alert and log files in unified
|   format. But I can't configure barnyard properly to store detailed
|   info about alerts in the DB.
| 
|   Barnyard "watches" the alert files and stores info about alerts, but I
|   also need to store the whole packets that caused the alerts.

Hi,

It seems you don't need to have snort write both unified files.  All the 
required info seems to be in the unified "log" file, so this is what you 
want barnyard to read.  It's not at all clear to us what info is in the 
unified "alert" file that's not *also* in the unified "log" file.  So we 
don't write a unified "alert" file at all.

There was previous discussion of this at:
 
  http://archives.neohapsis.com/archives/snort/2004-11/0286.html


--
Chris Edwards, Glasgow University Computing Service
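The arrangement the reply recommends, written out as an added example (this is not configuration from the original thread, nor a file shipped by the Snort or Barnyard projects): snort writes only the unified "log" file, and barnyard reads that file with its dp_log processor and stores full packet detail through the log_acid_db output. The file names, paths, interface, database name and credentials below are assumed placeholders; the directive syntax follows Snort 2.x and Barnyard 0.2-era configuration files as the author of this example recalls them, so check it against the versions you actually run.

```conf
# --- snort.conf (output section only; assumed example, not the thread's file) ---
# Write only the unified log records. Each record carries the event
# header plus the packet that triggered it, so a separate unified
# alert file adds nothing barnyard needs. "limit 128" rolls the file
# at 128 MB (snort appends a timestamp to the base name).
output log_unified: filename snort.log, limit 128

# Deliberately absent:
# output alert_unified: filename snort.alert, limit 128


# --- barnyard.conf (assumed example, not the thread's file) ---
config daemon
config hostname: sensor01          # placeholder sensor name
config interface: eth0             # placeholder sniffing interface

# Enable only the processor that matches the file we feed barnyard.
# dp_log parses unified log records (event + packet); dp_alert would
# expect the unified alert file we no longer write.
processor dp_log

# Store the event and the full decoded packet in the database.
# "detail full" keeps payload and header data; "detail fast" would
# drop the packet and leave only the event summary.
output log_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password CHANGE_ME, detail full

# Optional: also keep the raw packets as a pcap alongside the database.
output log_pcap: /var/log/snort/barnyard.pcap
```

Run barnyard against the log file, not the alert file, e.g. `barnyard -c barnyard.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo` (the `-w` waldo file records how far barnyard has read, so a restart does not re-insert old events). If rows appear in the event table but the packet-detail tables stay empty, the usual cause is that barnyard was pointed at the alert file or run with `detail fast`.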

