Snort Forums Archive
barnyard + both log and alert monitoring
Posted by IVB on August 17, 2005 23:14:01
I set up snort to write both alerts and logs to corresponding files in unified format. Now I need to set up barnyard to process _both_ files: alert and log. But I can set only one -f parameter: alert or log. And barnyard processes only _one_ file - alert or log. I tried to run two copies of barnyard (for alert and for log, with different pids), but the second copy doesn't start.
Please help me run two copies of barnyard or run one copy processing both log and alert files.
Thanks in advance.

Posted by Joel_Esler on August 30, 2005 10:49:19
You're referring to the two unified alert and log files? Why don't you just run one file?
Joel Esler
SOURCEfire

Posted by big_boi on October 29, 2005 07:40:33
Barnyard creates a .pid file when run in daemon mode and locks the file, so only 1 instance of barnyard can be run at a time. You can of course change the location of the pid file for one of the instances using the -X switch, and then you shouldn't have a problem running 2 barnyards at once.

Posted by Enzo on October 19, 2006 08:15:47
How can you write to just one file? I tried sending output from both unified file output processors (alert and log) to the same file, but when I tried to run Barnyard against it, I got a fatal error (FATAL ERROR: Out of memory (wanted 3427088349 bytes)), and it aborted.