Scott Pack

Asked: 2012-10-18 07:44:22 +0800 CST2012-10-18 07:44:22 +0800 CST 2012-10-18 07:44:22 +0800 CST

Configuring Barnyard2 Output Plug-In Per Input Source

I am currently using snort-2.9.3.1 outputting unified2 log format and using barnyard2-1.9 to process the alerts and send them to both syslog and a database. In some cases I have multiple instances of snort running on the same host and would like to log them separately.

Is there a way to configure barnyard2 such that depending on the input file name it will take different actions.

Something like,

 [snortmain_unified.log]
 output alert_syslog: LOG_AUTH LOG_ALERT

 [snortsecondary_unified.log
 output alert_syslog: LOG_LOCAL1 LOG_ERR

I am hoping to avoid running multiple instances of barnyard2.

Configuring Barnyard2 Output Plug-In Per Input Source

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Configuring Barnyard2 Output Plug-In Per Input Source

0 Answers