<insert FBOMB here>....
I'm confused easily....
aight, thanks for the help!! Much appreciated... :-)
Bamm Visscher wrote:
> Ah, well in that case, you'd have to run four instances of BY as I
> don't think you can register the same output plugin twice either.
> Reading that FAQ says:
>
> "Feed the unified output files through Barnyard _twice_ to separate databases"
>
> The config example of using two output lines is for snort not
> barnyard. I can see how it's confusing though (FAQ maintainer please
> take note).
>
> Bammkkkk
>
>
> On 5/24/05, Wes Young <wcyoung@xxxxxxxxxxx> wrote:
>
> Correct... I am reading one for each... (Alert and Log) they just use
> the same config file...
> And each type is being handled properly...
>
> Let me clarify:
>
> DB1: Alert
> DB2: Log
>
> DB3: Alert_archive
> DB4: Log_archive
>
> Now: DB1 and DB2 are being populated by 2 diff instances of barnyard
> properly, DB3 and DB4 are getting nothing. (They are basically mirror
> databases).
>
> According to: http://www.snort.org/docs/faq/1Q05/node88.html
> it seems like it should have no problem being done (The log instance
> outputs to DB2 and DB4, and Alert instance outputs to DB1 and DB3)
>
>
> Bamm Visscher wrote:
>
>>You'd have to run two instances of barnyard to do that. Barnyard can
>>only process one type of spool file at a time (unified alert or
>>unified log).
>
>>Bammkkkk
>
>>On 5/24/05, Wes Young <wcyoung@xxxxxxxxxxx> wrote:
>
>>Has anyone had success with this in the barnyard config:
>
>>output alert_acid_db: mysql, sensor_id 1, database snort, server
>>localhost, user snort, password pass
>>output log_acid_db: mysql, database snort_log, server localhost, user
>>snort, detail full, password pass
>
>>output alert_acid_db: mysql, sensor_id 1, database snort_archive_alert,
>>server localhost, user snort, password pass
>>output log_acid_db: mysql, sensor_id 1, database snort_archive_log,
>>server localhost, user snort, detail full, password pass
>
>
>>It writes to the first set of DBs ok... but nothing gets to the second
>>set.... no errors, nothing.
>
>
--
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html