2004-10-12

http://www.tcpdump.org/related.html

-----

How about CIDR and many other concepts

If you want Snort to go fast (like keep up with a 1000 Mbps connect), you need to use unified logging and a unified log reader such as Barnyard. This allows Snort to log alerts in a binary form as fast as possible and have another program performing the slow actions, such as writing into a database.

http://sguil.sourceforge.net/images/0.4/ssnqry.png

Barnyard 0.1.0 configuration file

Analyzing how Sguil and Barnyard process the alert information: Barnyard has several output plugins, with the same output functions as Snort. In particular, there is a plug-in that outputs the information to Sguil (it sends to the corresponding 7xxx port of the Sguil server, and the data goes into the MySQL database).

Currently of interest: how Snort/Barnyard separate alert and normal information.