[rsyslog] rsyslog + mysql + base(snort)
david at lang.hm
Sun Mar 28 21:13:19 CEST 2010
I was just talking about snort logging Friday with this in mind.
My understanding is that the snort logs include a significant binary component.
This would not be trivial to deal with in rsyslog without encoding it
first.
David Lang
On Sun, 28 Mar 2010, Ralph Crongeyer wrote:
> All,
> I would like to try to have a setup like this. Have Snort log to
> rsyslog and then have rsyslog log to a mysql Base schema database.
> I know that people use Barnyard and/or Barnyard2 for this setup to
> offload the writing to mysql to barnyard so that barnyard could receive
> snort logs and spool them if necessary before writing to mysql should
> mysql not be able to keep up.
> It seems to me that rsyslog's spooling capability could eliminate the
> need for barnyard.
> How would one go about applying a (for lack of better words) particular
> database schema so that rsyslog could write to the base database?
>
> Does anyone have any thoughts on this?
>
> Thanks,
> Ralph
>
>