Snort mailing list archives

Re: data base


From: Abid Ayoub <abid.ayoub () gmail com>
Date: Fri, 26 Jul 2013 11:05:43 +0200

Hi,


Thank you for the answer.
OK, so I should run barnyard2, then run snort. In this case, barnyard2 will
detect the new file generated by snort and put the data into the snort
database. Is this right?

You mention "unified2 log file"; is this the file generated by snort? For
example snort.log.1374827257?

So when I run the following command:
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -d
/var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo

snort.u2 is the generated file, read by barnyard2 from the directory
/var/log/snort?
Should I mention other options in the barnyard2 command?

Thanks a lot
Abid


2013/7/24 waldo kitty <wkitty42 () windstream net>

On 7/24/2013 05:45, Abid Ayoub wrote:
Hello,
I want to save the sniff result in a database.
So, how can I do that when I have a lot of traffic?
Should I use barnyard2? I didn't understand why I should use it and what
for.

barnyard2 reads the snort unified2 log file and puts the data into the
database for you... barnyard2 handles all the database communication...
before, when snort tried to do it, snort could get hung up waiting on the
database to respond... during that period, traffic would be lost to snort and
it could not analyze it... since the alerts and evidence are written to the
unified2 log, barnyard2 can put it in the database when possible... if the
database is down for some reason, barnyard2 will wait for the database to
come back and then continue to put the data in... all this time, snort is
still analyzing the traffic and no data is lost...

does that answer your questions?

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
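The spool-and-bookmark mechanism waldo describes (snort appends unified2 records, a separate reader advances a waldo bookmark only past records the database accepted) as an added illustration, not barnyard2's own code. It assumes the legacy IPv4 IDS event record type 7 with a 52-byte big-endian body as laid out in EVENT_FIELDS; the sample spool, the `sink` callable and its ConnectionError signal are constructed for the example.

```python
import struct

UNIFIED2_IDS_EVENT = 7   # legacy IPv4 IDS event (assumed type value)

# Assumed layout of the 52-byte legacy IDS event body, big-endian.
EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_usec",
                "signature_id", "generator_id", "signature_rev",
                "classification_id", "priority_id", "src_ip", "dst_ip",
                "sport_itype", "dport_icode", "protocol", "impact_flag",
                "impact", "blocked")
EVENT_FMT = ">11I2H4B"

def read_records(spool, offset=0):
    """Return (records, next_offset). Each record is a 4-byte type and 4-byte
    length header followed by `length` bytes; a trailing record that snort
    has not finished writing is left for the next pass."""
    records = []
    while offset + 8 <= len(spool):
        rtype, rlen = struct.unpack_from(">II", spool, offset)
        if offset + 8 + rlen > len(spool):
            break  # partial record: retry once snort has flushed it
        records.append((rtype, spool[offset + 8:offset + 8 + rlen]))
        offset += 8 + rlen
    return records, offset

def decode_event(body):
    return dict(zip(EVENT_FIELDS, struct.unpack(EVENT_FMT, body[:52])))

def drain(spool, waldo, sink):
    """Hand decoded events to sink (stand-in for the database writer) and
    return the new waldo. If the database is down (sink raises
    ConnectionError) the bookmark stays put, so nothing is lost or skipped."""
    records, _ = read_records(spool, waldo)
    for rtype, body in records:
        if rtype == UNIFIED2_IDS_EVENT:
            try:
                sink(decode_event(body))
            except ConnectionError:
                return waldo   # resume at this record on the next pass
        waldo += 8 + len(body)
    return waldo

def make_event(sig_id, src=0x0A000001, dst=0x0A000002):
    """Constructed event record: TCP 10.0.0.1:12345 -> 10.0.0.2:80."""
    body = struct.pack(EVENT_FMT, 1, sig_id, 1374827257, 0, sig_id, 1, 1, 3, 2,
                       src, dst, 12345, 80, 6, 0, 0, 0)
    return struct.pack(">II", UNIFIED2_IDS_EVENT, len(body)) + body

# Constructed spool: two complete events plus one snort is still writing.
SAMPLE_SPOOL = make_event(1000001) + make_event(1000002) + make_event(1000003)[:30]
```

Run `drain(SAMPLE_SPOOL, 0, sink)` twice with a sink that fails the first time to see the bookmark hold at 0 and then advance to 120 once the writes succeed.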


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!