[Oisf-devel] Unified2 / MySQL

Will Metcalf william.metcalf at gmail.com
Mon Jan 4 05:09:14 UTC 2010


Rich,

If you want to dump unified2 to BASE, look at barnyard2.
http://www.securixlive.com/barnyard2/index.php

There is also a lot of hype around Snorby, although I haven't tried it. Josh
Smith, one of the OISF team, was talking about putting together a guide on
setting up Suricata with Snorby.
http://snorby.org/

If you have not taken a look at sguil, I highly recommend it as an analyst's
console. barnyard2 will output to sguil as well.
http://sguil.sourceforge.net/

After saying all of this, if you can't find something to fit your needs and
decide to crank out a new front-end, we would love to have a look at it ;-).

Regards,

Will

On Sun, Jan 3, 2010 at 10:29 PM, Rich Rumble <richrumble at gmail.com> wrote:

> What does one use to get Unified2 passed into MySQL? I've read that
> Barnyard hasn't been updated in quite some time and doesn't work with
> Unified2. I see Suricata seems to be logging in both unified and
> unified2... I've always had Snort write to MySQL directly; I've not
> used Mudpit/Flop/Barnyard as of yet. Anyone have any tips or
> suggestions? I've always used BASE, however I've been wanting to take
> a crack at a new front-end for Snort for some time, and I think
> Suricata might be my inspiration if there is indeed a void with
> applications transferring/translating unified2 into SQL. Right now I'm
> tailing the fast.log file... If I do dive into a front-end, I'll be
> sure to look at the stats log as well.
> -rich
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>