Snort Forums Archive
Snort, Barnyard, and MySQL
Posted by kevins on March 11, 2005 08:44:07
Hey everyone, first off, very nice site.
I am configuring a server that is using snort to examine traffic that would normally be deleted. By that, I mean traffic whose IP does not resolve to a valid location. We are using this information to detect possible users with viruses on their machines. My question is what is a good configuration for Snort and Barnyard to work with MySQL. All the information I really need in the database is the source IP and port, destination IP and port, and the time that the packet was received. I am guessing that the '-A fast' option will take care of that part.
So what should I have snort log to, what should barnyard pick up, and how do I export it to the database? I have tried a few different ways and I haven't had any luck. Thanks in advance for any solutions to my problem.
Kevin
Here is what my system is running:
SimplyMepis
MySQL -- Ver 14.7 Distrib 4.1.10, for pc-linux-gnu (i386)
Snort -- 2.2.0
Barnyard -- Barnyard Version 0.2.0 (Build 32)
Posted by tag on March 17, 2005 12:27:20
If you use the unified alert output plugin, only header information will be included.
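An added end-to-end example, not from either post, of the three pieces kevins asks about: the Snort output plugin, the Barnyard configuration that loads the unified spool into MySQL, and the query that pulls out just source IP/port, destination IP/port and timestamp from the ACID schema. Barnyard reads the binary unified alert spool, not the text file `snort -A fast` writes, so the snort.conf line below is what matters. The spool path, sensor name, database name and credentials are assumptions to adapt; the table and column names (`event`, `iphdr`, `tcphdr`, `udphdr`) are the ACID schema that `contrib/create_mysql` from the Snort source creates.

```shell
#!/bin/sh
# Added example (not from the thread): Snort 2.2 -> unified alert spool ->
# Barnyard 0.2 -> MySQL via the alert_acid_db output plugin.
# Paths, sensor name, database name and credentials are assumptions.

# Append the unified alert output plugin to an existing snort.conf.
# Barnyard consumes this binary spool; 'snort -A fast' text alerts are not read by it.
write_snort_output() {
    conf="$1"
    cat >> "$conf" <<'EOF'
# Unified alerts: event info plus packet headers, rotated at 128 MB.
output alert_unified: filename snort.alert, limit 128
EOF
}

# Write a minimal barnyard.conf that pushes unified alerts into MySQL.
# The 'snort' database must already hold the ACID schema (contrib/create_mysql).
write_barnyard_conf() {
    conf="$1"
    cat > "$conf" <<'EOF'
config hostname: sensor1
config interface: eth0
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user snort, password CHANGEME
EOF
}

# SQL that returns exactly the fields asked for: time, src ip/port, dst ip/port.
# IPs are stored as unsigned integers in iphdr, so INET_NTOA turns them back
# into dotted quads; ports come from tcphdr or udphdr depending on protocol.
report_sql() {
    cat <<'EOF'
SELECT e.timestamp,
       INET_NTOA(i.ip_src) AS src_ip,
       COALESCE(t.tcp_sport, u.udp_sport) AS src_port,
       INET_NTOA(i.ip_dst) AS dst_ip,
       COALESCE(t.tcp_dport, u.udp_dport) AS dst_port
FROM event e
JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
LEFT JOIN tcphdr t ON t.sid = e.sid AND t.cid = e.cid
LEFT JOIN udphdr u ON u.sid = e.sid AND u.cid = e.cid
ORDER BY e.timestamp;
EOF
}

# Run Barnyard against the spool directory; the waldo file records how far
# it has read so a restart resumes instead of re-inserting old alerts.
start_barnyard() {
    barnyard -c "$1" -d /var/log/snort -f snort.alert -w /var/log/snort/barnyard.waldo
}

# Usage on the sensor (not executed here):
#   write_snort_output /etc/snort/snort.conf
#   write_barnyard_conf /etc/snort/barnyard.conf
#   snort -c /etc/snort/snort.conf -i eth0 -l /var/log/snort
#   start_barnyard /etc/snort/barnyard.conf
#   report_sql | mysql -u snort -p snort
```

The `sid`/`cid` pair is how the ACID schema ties one alert's rows together across tables, so every join above uses both columns; joining on `cid` alone would mix up events from different sensors once a second sensor is added.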