[Snort-users] Barnyard vs. Mudpit
jonasb
alum.rpi.edu
Date: Wed Apr 21 2004 - 09:38:02 CDT
Hi All -
I've been reading through the list archives to learn more about my
output options, but haven't found a definitive answer yet. I've set up
Barnyard to output to a remote mysql server from my Snort sensor.
Everything works fine, although I am a bit concerned about the duplicate
entry issue w/ alert rules. So, I figured, why not try mudpit. I've read
however that some people weren't really able to capture sessions using
stream processing and tag rules. I'd like to be able to have that
functionality - has anyone been able to get this to work with Mudpit? If
not, can you think of any other options?
Also - on my db server, I'm running syslog with swatch on the back-end
and would like close to RT email alerting functionality for alerts. I
know that Barnyard can output to syslog, but what about Mudpit - if so,
which output plugin would I use?
Thanks!
B